Search Results (340894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47086 | 1 Linux | 1 Linux Kernel | 2025-05-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl() implicitly assumed that the socket was already bound to a valid local socket name, i.e. Phonet object. If the socket was not bound, two separate problems would occur: 1) We'd send a pipe enablement request with an invalid source object. 2) Later socket calls could BUG on the socket unexpectedly being connected yet not bound to a valid object. | ||||
| CVE-2024-47939 | | | 2025-05-21 | N/A |
| Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]. | ||||
| CVE-2025-48427 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48426 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48425 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48424 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48423 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48422 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48421 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48420 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-48419 | | | 2025-05-21 | N/A |
| Not used | ||||
| CVE-2025-4436 | | | 2025-05-20 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-23122 | | | 2025-05-20 | N/A |
| This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165. | ||||
| CVE-2022-40912 | 1 Etaplighting | 1 Etap Safety Manager | 2025-05-20 | 6.1 Medium |
| ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site. | ||||
| CVE-2022-40708 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-05-20 | 3.3 Low |
| An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. | ||||
| CVE-2022-3193 | 1 Ovirt | 1 Ovirt-engine | 2025-05-20 | 6.1 Medium |
| An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages. | ||||
| CVE-2022-35722 | 1 Ibm | 1 Jazz For Service Management | 2025-05-20 | 5.4 Medium |
| IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381. | ||||
| CVE-2022-35282 | 1 Ibm | 1 Websphere Application Server | 2025-05-20 | 6.5 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data. | ||||
| CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-05-20 | 9.8 Critical |
| In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | ||||
| CVE-2022-24373 | 1 Swmansion | 1 React Native Reanimated | 2025-05-20 | 5.3 Medium |
| The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js. | ||||