Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25722 1 Veracode 1 Veracode 2025-02-19 5.5 Medium
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the "Connect using proxy" option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments.
CVE-2023-25721 1 Veracode 1 Veracode 2025-02-19 6.5 Medium
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.
CVE-2023-25260 1 Stimulsoft 1 Designer 2025-02-19 7.5 High
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
CVE-2023-20860 2 Redhat, Vmware 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more 2025-02-19 7.5 High
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
CVE-2022-48356 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.
CVE-2022-48347 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48346 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-46415 1 Dji 2 Spark, Spark Firmware 2025-02-19 9.1 Critical
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.
CVE-2022-46387 2 Cmder, Maximus5 2 Cmder, Conemu 2025-02-19 9.8 Critical
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
CVE-2022-24972 1 Tp-link 2 Tl-wr940n, Tl-wr940n Firmware 2025-02-19 6.5 Medium
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.
CVE-2023-24366 1 Rconfig 1 Rconfig 2025-02-19 6.5 Medium
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.
CVE-2019-8963 1 Flexera 1 Flexnet Publisher 2025-02-19 7.5 High
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.
CVE-2024-9946 1 Heateor 1 Super Socializer 2025-02-19 8.1 High
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68.
CVE-2022-48359 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48357 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
CVE-2022-47924 1 Csaf-validator-lib Project 1 Csaf-validator-lib 2025-02-19 6.5 Medium
An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation.
CVE-2023-28597 2 Microsoft, Zoom 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more 2025-02-19 8.3 High
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
CVE-2023-26549 1 Huawei 2 Emui, Harmonyos 2025-02-19 7.5 High
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-25261 1 Stimulsoft 2 Designer, Viewer 2025-02-19 9.8 Critical
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.
CVE-2020-8889 1 Shipstation 1 Shipstation 2025-02-19 7.5 High
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.