Total
88814 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40418 | 1 Apple | 3 Watch Ultra, Watch Ultra 2, Watchos | 2025-05-05 | N/A | 5.5 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app. | |||||
| CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2025-05-05 | N/A | 4.8 MEDIUM |
| Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | |||||
| CVE-2022-43241 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43240 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43082 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2025-05-05 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter. | |||||
| CVE-2022-3499 | 1 Tenable | 1 Nessus | 2025-05-05 | N/A | 6.5 MEDIUM |
| An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | |||||
| CVE-2024-25848 | 1 Team-ever | 1 Seo | 2025-05-05 | N/A | 5.9 MEDIUM |
| In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions. | |||||
| CVE-2023-32005 | 1 Nodejs | 1 Node.js | 2025-05-05 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2022-43245 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43244 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43243 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43242 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-43239 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | N/A | 6.5 MEDIUM |
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | |||||
| CVE-2022-42753 | 1 Salonerp Project | 1 Salonerp | 2025-05-05 | N/A | 6.1 MEDIUM |
| SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks. | |||||
| CVE-2022-42749 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42748 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42747 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42746 | 1 Auieo | 1 Candidats | 2025-05-05 | N/A | 6.1 MEDIUM |
| CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. | |||||
| CVE-2022-42743 | 1 Deep-parse-json Project | 1 Deep-parse-json | 2025-05-05 | N/A | 5.3 MEDIUM |
| deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | |||||
| CVE-2022-41714 | 1 Fastest-json-copy Project | 1 Fastest-json-copy | 2025-05-05 | N/A | 5.3 MEDIUM |
| fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited. | |||||