Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 30342 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46321 1 Huawei 2 Emui, Harmonyos 2025-04-16 N/A 7.5 HIGH
The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46318 1 Huawei 2 Emui, Harmonyos 2025-04-16 N/A 5.3 MEDIUM
The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.
CVE-2022-41599 1 Huawei 2 Emui, Harmonyos 2025-04-16 N/A 7.5 HIGH
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38733 1 Netapp 1 Oncommand Insight 2025-04-16 N/A 8.6 HIGH
OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component.
CVE-2022-34270 1 Rws 1 Worldserver 2025-04-16 N/A 9.8 CRITICAL
An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
CVE-2025-24411 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-04-16 N/A 8.1 HIGH
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction.
CVE-2025-24422 1 Adobe 1 Commerce B2b 2025-04-16 N/A 6.5 MEDIUM
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
CVE-2025-24423 1 Adobe 1 Commerce B2b 2025-04-16 N/A 4.3 MEDIUM
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
CVE-2025-24424 1 Adobe 1 Commerce B2b 2025-04-16 N/A 6.5 MEDIUM
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
CVE-2025-24426 1 Adobe 1 Commerce B2b 2025-04-16 N/A 6.5 MEDIUM
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
CVE-2023-44039 1 Veridiumid 1 Veridiumad 2025-04-16 N/A 9.1 CRITICAL
In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account.
CVE-2022-38655 2025-04-16 N/A 6.4 MEDIUM
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site.
CVE-2022-28283 2025-04-16 N/A 6.5 MEDIUM
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.
CVE-2022-26384 2025-04-16 N/A 9.6 CRITICAL
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CVE-2022-26383 2025-04-16 N/A 4.3 MEDIUM
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CVE-2022-22763 2025-04-16 N/A 8.8 HIGH
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-22762 2025-04-16 N/A 4.3 MEDIUM
Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
CVE-2022-22761 2025-04-16 N/A 8.8 HIGH
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-22759 2025-04-16 N/A 9.6 CRITICAL
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CVE-2022-22756 2025-04-16 N/A 8.8 HIGH
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.