CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-38987 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | HIGH | — | 0 |
| CVE-2022-38988 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2022-38989 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | HIGH | — | 0 |
| CVE-2022-35194 TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-38990 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | HIGH | — | 0 |
| CVE-2022-38991 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2022-38992 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2022-38993 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | HIGH | — | 0 |
| CVE-2022-38994 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2022-38995 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | HIGH | — | 0 |
| CVE-2022-38996 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. | 7.5 | HIGH | — | 0 |
| CVE-2022-38997 The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | — | 0 |
| CVE-2022-38999 The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1591 The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CS... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-39000 The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39002 Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39003 Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-39004 The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. | 7.5 | HIGH | — | 0 |
| CVE-2022-39005 The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. | 7.5 | HIGH | — | 0 |
| CVE-2022-39006 The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart. | 5.9 | MEDIUM | — | 0 |
| CVE-2022-39010 The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information. | 7.5 | HIGH | — | 0 |
| CVE-2022-38621 Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-39063 When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from ... | 7.5 | HIGH | — | 0 |
| CVE-2020-25491 6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-35934 TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overf... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-40710 A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please... | 7.8 | HIGH | — | 0 |
| CVE-2022-39264 nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Use... | 8.6 | HIGH | — | 0 |
| CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | 2.3 | LOW | — | 0 |
| CVE-2022-3326 Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | 4.3 | MEDIUM | — | 0 |
| CVE-2011-4820 IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. | 4.3 | MEDIUM | — | 0 |
| CVE-2012-2160 IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG par... | 6.1 | MEDIUM | — | 0 |
| CVE-2012-2201 IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a... | 7.5 | HIGH | — | 0 |
| CVE-2012-4818 IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could explo... | 6.5 | MEDIUM | — | 0 |
| CVE-2014-0144 QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input val... | 8.6 | HIGH | — | 0 |
| CVE-2014-0147 Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while ... | 6.2 | MEDIUM | — | 0 |
| CVE-2014-0148 Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_se... | 5.5 | MEDIUM | — | 0 |
| CVE-2015-1931 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla... | 5.5 | MEDIUM | — | 0 |
| CVE-2016-2338 An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags a... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15325 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-15326 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate for Ejabberd in ejabberd.pem. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-15327 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | 7.5 | HIGH | — | 0 |
| CVE-2020-15328 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-15329 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-15330 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-15331 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15332 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15333 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-15334 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-48297 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Reflected XSS. This issue affect... | N/A | NONE | — | 0 |
| CVE-2020-15337 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.