Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42942 | 1 Autodesk | 11 Autocad, Autocad Advance Steel, Autocad Architecture and 8 more | 2025-05-08 | 7.8 High |
| A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-42233 | 1 Tenda | 2 11n, 11n Firmware | 2025-05-08 | 9.8 Critical |
| Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. | ||||
| CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 7.2 High |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | ||||
| CVE-2022-2762 | 1 Adminpad Project | 1 Adminpad | 2025-05-08 | 6.5 Medium |
| The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack | ||||
| CVE-2024-25909 | 1 Joomunited | 1 Wp Media Folder | 2025-05-08 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | ||||
| CVE-2024-24310 | 1 Ethercreation | 1 Generate Barcode On Invoice \/ Delivery Slip | 2025-05-08 | 8.8 High |
| In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection. | ||||
| CVE-2024-24309 | 1 Ecomiz | 2 Ecomiz Survey Tma, Survey Tma | 2025-05-08 | 7.5 High |
| In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction. | ||||
| CVE-2024-22220 | 1 Terminalfour | 2 Formbank, Terminalfour | 2025-05-08 | 6.3 Medium |
| An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview. | ||||
| CVE-2022-27626 | 1 Synology | 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more | 2025-05-08 | 10 Critical |
| A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500. | ||||
| CVE-2022-36958 | 1 Solarwinds | 1 Orion Platform | 2025-05-08 | 8.8 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2025-23139 | 2025-05-08 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-53130 | 2025-05-08 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-53129 | 2025-05-08 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-53122 | 2025-05-08 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-53104 | 2025-05-08 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-49897 | 2025-05-08 | 7.0 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-49856 | 2025-05-08 | 1.9 Low | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-49843 | 2025-05-08 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-48944 | 1 Apache | 1 Kylin | 2025-05-08 | 6.5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue. | ||||
| CVE-2020-17386 | 1 Cellopoint | 1 Cellos | 2025-05-08 | 6.5 Medium |
| Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system. | ||||