Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-43662 1 Openharmony 1 Openharmony 2023-01-12 N/A 7.8 HIGH
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
CVE-2022-35281 1 Ibm 2 Maximo Application Suite, Maximo Asset Management 2023-01-12 N/A 8.8 HIGH
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.
CVE-2022-33300 1 Qualcomm 102 Qam8295p, Qam8295p Firmware, Qca6174a and 99 more 2023-01-12 N/A 7.8 HIGH
Memory corruption in Automotive Android OS due to improper input validation.
CVE-2015-10032 1 Healthmateweb Project 1 Healthmateweb 2023-01-12 N/A 6.1 MEDIUM
A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The name of the patch is 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663.
CVE-2022-40520 1 Qualcomm 294 Apq8064au, Apq8064au Firmware, Apq8096au and 291 more 2023-01-12 N/A 7.8 HIGH
Memory corruption due to stack-based buffer overflow in Core
CVE-2022-40519 1 Qualcomm 386 Aqt1000, Aqt1000 Firmware, Ar8031 and 383 more 2023-01-12 N/A 5.5 MEDIUM
Information disclosure due to buffer overread in Core
CVE-2022-2482 1 Nokia 4 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware, Asik Airscale 474021a.102 and 1 more 2023-01-12 N/A 8.8 HIGH
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.
CVE-2022-40517 1 Qualcomm 362 Aqt1000, Aqt1000 Firmware, Ar8031 and 359 more 2023-01-12 N/A 7.8 HIGH
Memory corruption in core due to stack-based buffer overflow
CVE-2022-40516 1 Qualcomm 368 Aqt1000, Aqt1000 Firmware, Ar8031 and 365 more 2023-01-12 N/A 7.8 HIGH
Memory corruption in Core due to stack-based buffer overflow.
CVE-2022-40518 1 Qualcomm 320 Aqt1000, Aqt1000 Firmware, Ar8031 and 317 more 2023-01-12 N/A 5.5 MEDIUM
Information disclosure due to buffer overread in Core
CVE-2016-15014 1 Cesnet 1 Theme-cesnet 2023-01-12 N/A 5.5 MEDIUM
A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability.
CVE-2016-15013 1 Forumhulp 1 Search Results 2023-01-12 N/A 9.8 CRITICAL
A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628.
CVE-2021-4307 1 Baobab Project 1 Baobab 2023-01-12 N/A 9.8 CRITICAL
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627.
CVE-2022-23549 1 Discourse 1 Discourse 2023-01-12 N/A 6.5 MEDIUM
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.
CVE-2020-36646 1 Mediaarea 1 Zenlib 2023-01-12 N/A 7.5 HIGH
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability.
CVE-2014-125063 1 Bid Project 1 Bid 2023-01-12 N/A 9.8 CRITICAL
A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.
CVE-2015-10027 1 Ttrrs-auth-ldap Project 1 Ttrrs-auth-ldap 2023-01-12 N/A 9.8 CRITICAL
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.
CVE-2017-20164 1 Symbiote 1 Seed 2023-01-12 N/A 6.1 MEDIUM
A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability.
CVE-2022-40201 1 Bentley 1 Microstation Connect 2023-01-12 N/A 7.8 HIGH
Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code.
CVE-2015-10028 1 Pear Programming Project 1 Pear Programming 2023-01-12 N/A 6.1 MEDIUM
A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624.