Export limit exceeded: 17019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26097 | 1 Telindus | 1 Apsal | 2025-05-30 | 8.4 High |
| An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | ||||
| CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | ||||
| CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | ||||
| CVE-2022-45165 | 1 Archibus | 1 Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection. | ||||
| CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | ||||
| CVE-2022-38482 | 1 Mega | 1 Hopex | 2025-05-30 | 4.3 Medium |
| A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. | ||||
| CVE-2022-38481 | 1 Mega | 1 Hopex | 2025-05-30 | 6.1 Medium |
| An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features. | ||||
| CVE-2022-37028 | 1 Iris | 1 Isams | 2025-05-30 | 5.4 Medium |
| ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application. | ||||
| CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 7.8 High |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | ||||
| CVE-2022-36442 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 5.5 Medium |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK. | ||||
| CVE-2022-36441 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 7.1 High |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin. | ||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 4.1 Medium |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | ||||
| CVE-2022-34909 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 7.7 High |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | ||||
| CVE-2022-34908 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | 8.2 High |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | ||||
| CVE-2022-29931 | 1 Raytion | 1 Custom Security Manager | 2025-05-30 | 6.1 Medium |
| The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS). | ||||
| CVE-2022-24967 | 1 Blackrainbow | 1 Nimbus | 2025-05-30 | 6.5 Medium |
| Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | ||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | ||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | ||||
| CVE-2021-44035 | 1 Wolterskluwer | 1 Teammate Audit Management | 2025-05-30 | 4.4 Medium |
| Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. | ||||
| CVE-2021-43978 | 1 Allegro | 1 Allegro | 2025-05-30 | 7.1 High |
| Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | ||||