Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45970 | 1 Alist Project | 1 Alist | 2025-04-22 | N/A | 5.4 MEDIUM |
| Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board. | |||||
| CVE-2020-18243 | 1 Enricozab | 1 Cms | 2025-04-22 | N/A | 6.5 MEDIUM |
| SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php. | |||||
| CVE-2025-24948 | 1 Joturl | 1 Joturl | 2025-04-22 | N/A | 6.5 MEDIUM |
| In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records. | |||||
| CVE-2025-24949 | 1 Joturl | 1 Joturl | 2025-04-22 | N/A | 6.5 MEDIUM |
| In JotUrl 2.0, is possible to bypass security requirements during the password change process. | |||||
| CVE-2025-28198 | 1 Hitstiresoftware | 1 Hitout Car Sale | 2025-04-22 | N/A | 5.9 MEDIUM |
| A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component. | |||||
| CVE-2024-54802 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. | |||||
| CVE-2024-54803 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-51006 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | 5.7 MEDIUM |
| Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-4010 | 1 Webdevocean | 1 Image Hover Effects | 2025-04-22 | N/A | 4.8 MEDIUM |
| The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2022-46905 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | N/A | 6.1 MEDIUM |
| Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS. | |||||
| CVE-2022-3930 | 1 Wpwax | 1 Directorist | 2025-04-22 | N/A | 6.5 MEDIUM |
| The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. | |||||
| CVE-2022-31596 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2025-04-22 | N/A | 6.0 MEDIUM |
| Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability. | |||||
| CVE-2022-2993 | 1 Zephyrproject | 1 Zephyr | 2025-04-22 | N/A | 8.6 HIGH |
| There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | |||||
| CVE-2022-20611 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 | |||||
| CVE-2022-20502 | 1 Google | 1 Android | 2025-04-22 | N/A | 5.5 MEDIUM |
| In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527 | |||||
| CVE-2022-20501 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.3 HIGH |
| In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933359 | |||||
| CVE-2022-20479 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764340 | |||||
| CVE-2022-20478 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764135 | |||||
| CVE-2022-20477 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867 | |||||
| CVE-2022-20476 | 1 Google | 1 Android | 2025-04-22 | N/A | 5.5 MEDIUM |
| In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-240936919 | |||||