Total
29736 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47717 | 1 Lastyard | 1 Last Yard | 2025-03-27 | 7.5 High |
| Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). | ||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2025-03-27 | 9.8 Critical |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | ||||
| CVE-2022-48079 | 1 Mengnai | 1 Aapanel Host System | 2025-03-27 | 9.8 Critical |
| Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | ||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2025-03-27 | 7.4 High |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | ||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2025-03-27 | 6.6 Medium |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | ||||
| CVE-2022-45097 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-27 | 6.3 Medium |
| Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | ||||
| CVE-2022-48164 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-03-26 | 7.5 High |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | ||||
| CVE-2022-46679 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 6.5 Medium |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2022-33323 | 1 Mitsubishielectric | 102 Rh-12fh55, Rh-12fh55 Firmware, Rh-12fh70 and 99 more | 2025-03-26 | 7.5 High |
| Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section. | ||||
| CVE-2022-25338 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 6.8 Medium |
| ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | ||||
| CVE-2022-25339 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 5.5 Medium |
| ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | ||||
| CVE-2022-47070 | 1 Nvs365 | 2 Nvs-365-v01, Nvs-365-v01 Firmware | 2025-03-26 | 7.5 High |
| NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. | ||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-26 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | ||||
| CVE-2022-43665 | 1 Estsoft | 1 Alyac | 2025-03-26 | 5.5 Medium |
| A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | 7.4 High |
| All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
| CVE-2022-25853 | 1 Semver-tags Project | 1 Semver-tags | 2025-03-25 | 7.4 High |
| All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | ||||
| CVE-2023-51712 | 1 Arm | 1 Trusted Firmware-m | 2025-03-25 | 4.7 Medium |
| An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | ||||
| CVE-2024-6201 | 1 Haloservicesolutions | 1 Haloitsm | 2025-03-25 | 5.3 Medium |
| HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | ||||
| CVE-2022-46663 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Less, Enterprise Linux | 2025-03-25 | 7.5 High |
| In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | ||||
| CVE-2020-4316 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 4.7 Medium |
| IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354. | ||||