Export limit exceeded: 10908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4818 | 1 Talend | 1 Open Studio For Mdm | 2025-04-09 | 5.5 Medium |
| A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability. | ||||
| CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2025-04-09 | 6.1 Medium |
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | ||||
| CVE-2022-4687 | 1 Usememos | 1 Memos | 2025-04-09 | 8.1 High |
| Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2022-4686 | 1 Usememos | 1 Memos | 2025-04-09 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2014-125057 | 1 Robitailletheknot Project | 1 Robitailletheknot | 2025-04-09 | 3.1 Low |
| A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599. | ||||
| CVE-2021-4311 | 1 Talend | 1 Open Studio | 2025-04-09 | 5.5 Medium |
| A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4683 | 1 Usememos | 1 Memos | 2025-04-09 | 6.5 Medium |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2024-29018 | 2 Mobyproject, Redhat | 2 Moby, Rhmt | 2025-04-09 | 5.9 Medium |
| Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly. In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself. As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved. Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace. | ||||
| CVE-2023-0055 | 1 Pyload | 1 Pyload | 2025-04-09 | 5.3 Medium |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. | ||||
| CVE-2023-0046 | 1 Daloradius | 1 Daloradius | 2025-04-09 | 7.2 High |
| Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2021-26355 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | 5.5 Medium |
| Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | ||||
| CVE-2015-10029 | 1 Simplexrd Project | 1 Simplexrd | 2025-04-09 | 5.5 Medium |
| A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-26343 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | 5.5 Medium |
| Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | ||||
| CVE-2022-43513 | 1 Siemens | 1 Automation License Manager | 2025-04-09 | 8.2 High |
| A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user. | ||||
| CVE-2024-33530 | 1 Jitsi | 1 Meet | 2025-04-09 | 7.5 High |
| In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby. | ||||
| CVE-2023-23595 | 1 Bluecatnetworks | 1 Device Registration Portal | 2025-04-08 | 7.5 High |
| BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported. There is no available information about whether any later version is affected. | ||||
| CVE-2017-20164 | 1 Symbiote | 1 Seed | 2025-04-08 | 6.3 Medium |
| A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The patch is identified as b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability. | ||||
| CVE-2025-32406 | 2025-04-08 | 8.6 High | ||
| An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response. | ||||
| CVE-2022-24913 | 1 Java-merge-sort Project | 1 Java-merge-sort | 2025-04-08 | 5.5 Medium |
| Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | ||||
| CVE-2024-58131 | 1 Fisco-bcos | 1 Fisco-bcos | 2025-04-08 | 4 Medium |
| FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network. | ||||