Export limit exceeded: 25196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32229 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. | ||||
| CVE-2018-10596 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2025-05-22 | 7.1 High |
| Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications. | ||||
| CVE-2023-6757 | 1 Thecosy | 1 Icecms | 2025-05-22 | 5.3 Medium |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability. | ||||
| CVE-2023-47619 | 1 Audiobookshelf | 1 Audiobookshelf | 2025-05-22 | 8.1 High |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | ||||
| CVE-2023-51438 | 2 Microchip, Siemens | 4 Maxview Storage Manager, Simatic Ipc1047e, Simatic Ipc647e and 1 more | 2025-05-22 | 10 Critical |
| A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. | ||||
| CVE-2022-26707 | 1 Apple | 1 Macos | 2025-05-22 | 5.5 Medium |
| An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information. | ||||
| CVE-2025-27980 | 1 Oldmoon | 1 Cashbook | 2025-05-22 | 6.5 Medium |
| cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=. | ||||
| CVE-2024-45805 | 1 Citeum | 1 Opencti | 2025-05-22 | 4.3 Medium |
| OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0. | ||||
| CVE-2022-32825 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-22 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory. | ||||
| CVE-2022-32805 | 1 Apple | 2 Mac Os X, Macos | 2025-05-22 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to access sensitive user information. | ||||
| CVE-2022-32220 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 6.5 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-32219 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated. | ||||
| CVE-2024-31841 | 1 Italtel | 1 Embrace | 2025-05-21 | 7.5 High |
| An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. | ||||
| CVE-2022-36448 | 1 Insyde | 1 Insydeh2o | 2025-05-21 | 8.2 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. | ||||
| CVE-2022-2760 | 1 Octopus | 1 Octopus Server | 2025-05-21 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | ||||
| CVE-2022-39031 | 1 Lcnet | 1 Smart Evision | 2025-05-21 | 5.3 Medium |
| Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only. | ||||
| CVE-2022-39029 | 1 Lcnet | 1 Smart Evision | 2025-05-21 | 6.5 Medium |
| Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information. | ||||
| CVE-2022-39030 | 1 Lcnet | 1 Smart Evision | 2025-05-21 | 7.5 High |
| smart eVision has inadequate authorization for system information query function. An unauthenticated remote attacker, who is not explicitly authorized to access the information, can access sensitive information. | ||||
| CVE-2022-22525 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2025-05-21 | 7.2 High |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function | ||||
| CVE-2022-3348 | 1 Tooljet | 1 Tooljet | 2025-05-21 | 4.9 Medium |
| Just like in the previous report, an attacker could steal the account of different users. But in this case, it's a little bit more specific, because it is needed to be an editor in the same app as the victim. | ||||