Search Results (8507 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2277 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 7.5 High |
| Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking. | ||||
| CVE-2024-6492 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 7.4 High |
| Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on Windows allows an attacker to intercept proxy credentials via a specially crafted website. | ||||
| CVE-2023-0569 | 1 Publify Project | 1 Publify | 2025-03-28 | 6.5 Medium |
| Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2023-0564 | 1 Froxlor | 1 Froxlor | 2025-03-28 | 5.4 Medium |
| Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
| CVE-2024-27604 | 1 Alldata | 1 Alldata | 2025-03-27 | 9.8 Critical |
| Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized. | ||||
| CVE-2024-36306 | 1 Trendmicro | 1 Apex One | 2025-03-27 | 6.1 Medium |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-28154 | 1 Jenkins | 1 Mq Notifier | 2025-03-27 | 6.5 Medium |
| Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. | ||||
| CVE-2024-27182 | 1 Apache | 1 Linkis | 2025-03-27 | 4.9 Medium |
| In Apache Linkis <= 1.5.0, arbitrary file deletion in Basic management services: a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue. | ||||
| CVE-2024-0047 | 1 Google | 1 Android | 2025-03-27 | 5.5 Medium |
| In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-49566 | 1 Apache | 1 Linkis | 2025-03-27 | 8.8 High |
| In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <=1.5.0 will be affected. We recommend users upgrade the version of Linkis to version 1.6.0. | ||||
| CVE-2022-33954 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2025-03-27 | 4.6 Medium |
| IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected credentials. | ||||
| CVE-2025-1474 | 1 Lfprojects | 1 Mlflow | 2025-03-27 | 5.5 Medium |
| In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0. | ||||
| CVE-2023-24162 | 1 Hutool | 1 Hutool | 2025-03-27 | 9.8 Critical |
| Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | ||||
| CVE-2022-48161 | 1 Easy Images Project | 1 Easy Images | 2025-03-27 | 7.5 High |
| Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. | ||||
| CVE-2022-48094 | 1 Lmxcms | 1 Lmxcms | 2025-03-27 | 4.9 Medium |
| lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. | ||||
| CVE-2022-44645 | 1 Apache | 1 Linkis | 2025-03-27 | 8.8 High |
| In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1. | ||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 6.1 Medium |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2023-22574 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 8.1 High |
| Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | ||||
| CVE-2023-22572 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 7.8 High |
| Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | ||||
| CVE-2025-2622 | 1 Aizuda | 1 Snail-job | 2025-03-26 | 6.3 Medium |
| A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||