Total: 291487 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-37017 | 1 Broadcom | 1 Symantec Endpoint Protection | 2025-04-24 | N/A | 7.5 HIGH |
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | |||||
CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2025-04-24 | N/A | 9.8 CRITICAL |
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
CVE-2025-46394 | | | 2025-04-24 | N/A | 3.2 LOW |
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. | |||||
CVE-2025-26382 | | | 2025-04-24 | N/A | N/A |
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue. | |||||
CVE-2024-32752 | | | 2025-04-24 | N/A | 9.1 CRITICAL |
The iSTAR door controllers running firmware prior to version 6.6.B do not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access. | |||||
CVE-2023-39810 | 1 Busybox | 1 Busybox | 2025-04-24 | N/A | 7.8 HIGH |
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | |||||
CVE-2022-45797 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-04-24 | N/A | 7.1 HIGH |
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-45640 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-24 | N/A | 7.5 HIGH |
Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). | |||||
CVE-2022-45337 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2025-04-24 | N/A | 7.5 HIGH |
Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | |||||
CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2025-04-24 | N/A | 7.8 HIGH |
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | |||||
CVE-2022-45328 | 1 Church Management System Project | 1 Church Management System | 2025-04-24 | N/A | 7.2 HIGH |
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. | |||||
CVE-2022-45215 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-24 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | |||||
CVE-2022-45045 | 1 Xiongmaitech | 144 Mbd6304t, Mbd6304t Firmware, Nbd6808t-pl and 141 more | 2025-04-24 | N/A | 8.8 HIGH |
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd. | |||||
CVE-2022-44962 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. | |||||
CVE-2022-44961 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | |||||
CVE-2022-44960 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | |||||
CVE-2022-44955 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. | |||||
CVE-2022-44954 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add". | |||||
CVE-2022-44953 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 5.4 MEDIUM |
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | |||||
CVE-2022-44952 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 5.4 MEDIUM |
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". |