Export limit exceeded: 26050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4457 | 1 Cloudflare | 1 Warp | 2025-04-09 | 5.5 Medium |
| Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. | ||||
| CVE-2022-4428 | 1 Cloudflare | 1 Warp | 2025-04-09 | 8.9 High |
| support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients). | ||||
| CVE-2023-0023 | 1 Sap | 1 Bank Account Management | 2025-04-09 | 4.5 Medium |
| In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application. | ||||
| CVE-2021-26404 | 1 Amd | 46 Epyc 7003, Epyc 7003 Firmware, Epyc 7313 and 43 more | 2025-04-08 | 5.5 Medium |
| Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | ||||
| CVE-2022-4543 | 1 Linux | 1 Linux Kernel | 2025-04-08 | 5.5 Medium |
| A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. | ||||
| CVE-2023-32015 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 9.8 Critical |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | ||||
| CVE-2023-29371 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.8 High |
| Windows GDI Elevation of Privilege Vulnerability | ||||
| CVE-2022-46372 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2025-04-08 | 7.2 High |
| Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. | ||||
| CVE-2023-24937 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-04-08 | 6.5 Medium |
| Windows CryptoAPI Denial of Service Vulnerability | ||||
| CVE-2022-46371 | 1 Alotceriot | 2 Ar7088h-a, Ar7088h-a Firmware | 2025-04-08 | 5.3 Medium |
| Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name. | ||||
| CVE-2023-29359 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.8 High |
| GDI Elevation of Privilege Vulnerability | ||||
| CVE-2023-22963 | 1 Personnummer | 1 Personnummer | 2025-04-07 | 5.3 Medium |
| The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. | ||||
| CVE-2023-22898 | 1 Circl | 1 Pandora | 2025-04-07 | 6.5 Medium |
| workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). | ||||
| CVE-2023-22626 | 1 Pghero Project | 1 Pghero | 2025-04-07 | 7.5 High |
| PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.) | ||||
| CVE-2023-20532 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | 5.3 Medium |
| Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | ||||
| CVE-2023-20530 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-07 | 7.5 High |
| Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | ||||
| CVE-2023-20528 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | 2.4 Low |
| Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | ||||
| CVE-2023-0299 | 1 Publify Project | 1 Publify | 2025-04-07 | 9.8 Critical |
| Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2022-42288 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-04-07 | 5.3 Medium |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | ||||
| CVE-2023-20527 | 1 Amd | 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more | 2025-04-07 | 6.5 Medium |
| Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | ||||