Export limit exceeded: 10835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25661 | 1 Qualcomm | 196 Aqt1000, Aqt1000 Firmware, Ar8035 and 193 more | 2025-05-15 | 8.4 High |
| Memory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2022-25660 | 1 Qualcomm | 186 Aqt1000, Aqt1000 Firmware, Ar8035 and 183 more | 2025-05-15 | 7.8 High |
| Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2024-10471 | 1 Wpeverest | 1 Everest Forms | 2025-05-15 | 4.8 Medium |
| The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-46054 | 2 Davidguva, Openvidreview Project | 2 Openvidreview, Openvidreview | 2025-05-15 | 9.8 Critical |
| OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. | ||||
| CVE-2022-3456 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-15 | 9.8 Critical |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. | ||||
| CVE-2022-3457 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-15 | 9.8 Critical |
| Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. | ||||
| CVE-2024-3405 | 1 Goprayer | 1 Wp Prayer | 2025-05-15 | 7.6 High |
| The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3407 | 1 Goprayer | 1 Wp Prayer | 2025-05-15 | 5.3 Medium |
| The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-3629 | 1 Dachande663 | 1 Hl Twitter | 2025-05-15 | 2.4 Low |
| The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-41199 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-05-15 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-39117 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 8.1 High |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-39115 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 5.5 Medium |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39114 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 5.5 Medium |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39112 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 5.5 Medium |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39111 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 7.8 High |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39110 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | 7.8 High |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | ||||
| CVE-2022-39065 | 1 Ikea | 2 Tradfri Gateway E1526, Tradfri Gateway E1526 Firmware | 2025-05-15 | 6.5 Medium |
| A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | ||||
| CVE-2022-38986 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | 9.1 Critical |
| The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. | ||||
| CVE-2022-2828 | 1 Octopus | 1 Octopus Server | 2025-05-15 | 6.5 Medium |
| In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability | ||||
| CVE-2024-3630 | 1 Dachande663 | 1 Hl Twitter | 2025-05-15 | 5.4 Medium |
| The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||