Total
29514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3780 | 1 Devolutions | 1 Remote Desktop Manager | 2025-05-05 | N/A | 7.5 HIGH |
| Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. | |||||
| CVE-2022-22442 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2025-05-05 | N/A | 6.5 MEDIUM |
| "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." | |||||
| CVE-2023-1401 | 1 Gitlab | 1 Gitlab | 2025-05-05 | N/A | 5.0 MEDIUM |
| An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | |||||
| CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2025-05-05 | N/A | 4.9 MEDIUM |
| A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | |||||
| CVE-2023-3906 | 1 Gitlab | 1 Gitlab | 2025-05-05 | N/A | 3.5 LOW |
| An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. | |||||
| CVE-2024-58136 | 1 Yiiframework | 1 Yii | 2025-05-03 | N/A | 9.0 CRITICAL |
| Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | |||||
| CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2025-05-02 | N/A | 9.8 CRITICAL |
| Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | |||||
| CVE-2022-42707 | 1 Mahara | 1 Mahara | 2025-05-02 | N/A | 7.5 HIGH |
| In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. | |||||
| CVE-2022-38582 | 1 Watchdog | 1 Anti-virus | 2025-05-02 | N/A | 6.5 MEDIUM |
| Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. | |||||
| CVE-2004-0230 | 7 Juniper, Mcafee, Microsoft and 4 more | 12 Junos, Network Data Loss Prevention, Windows 2000 and 9 more | 2025-05-02 | 5.0 MEDIUM | N/A |
| TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | |||||
| CVE-2022-24309 | 1 Mendix | 1 Mendix | 2025-05-02 | 4.9 MEDIUM | 6.8 MEDIUM |
| A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. | |||||
| CVE-2024-27054 | 1 Linux | 1 Linux Kernel | 2025-05-02 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to artificially decrease on each error while it should just stay the same. | |||||
| CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
| CVE-2022-20452 | 1 Google | 1 Android | 2025-05-01 | N/A | 7.8 HIGH |
| In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240138318 | |||||
| CVE-2021-33193 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | |||||
| CVE-2022-30556 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | |||||
| CVE-2022-44560 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 5.3 MEDIUM |
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | |||||
| CVE-2022-27673 | 1 Amd | 1 Amd Link | 2025-05-01 | N/A | 7.5 HIGH |
| Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | |||||
| CVE-2021-37499 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | N/A | 6.5 MEDIUM |
| CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers. | |||||
| CVE-2023-44031 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | N/A | 7.5 HIGH |
| Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | |||||