Total
29572 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25160 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2025-04-16 | 6.8 Medium |
| Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration. | ||||
| CVE-2021-38425 | 1 Eprosima | 1 Fast Dds | 2025-04-16 | 7.5 High |
| eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. | ||||
| CVE-2021-27444 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2025-04-16 | 9.8 Critical |
| The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator. | ||||
| CVE-2022-1667 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2025-04-16 | 7.5 High |
| Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script | ||||
| CVE-2022-2105 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2025-04-16 | 9.4 Critical |
| Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. | ||||
| CVE-2022-2088 | 1 Smartics | 1 Smartics | 2025-04-16 | 6.8 Medium |
| An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | ||||
| CVE-2022-1520 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2025-04-16 | 4.3 Medium |
| When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9. | ||||
| CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | 4.3 Medium |
| If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | ||||
| CVE-2022-2143 | 1 Advantech | 1 Iview | 2025-04-16 | 9.8 Critical |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2022-2792 | 1 Emerson | 1 Electric\'s Proficy | 2025-04-16 | 6.6 Medium |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | ||||
| CVE-2022-38100 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2025-04-16 | 7.5 High |
| The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network. | ||||
| CVE-2022-38453 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2025-04-16 | 3 Low |
| Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. | ||||
| CVE-2022-3382 | 1 Hiwin | 1 Robot System Software | 2025-04-16 | 7.5 High |
| HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition. | ||||
| CVE-2022-2475 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2025-04-16 | 9.8 Critical |
| Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | ||||
| CVE-2022-38355 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2025-04-16 | 7.5 High |
| Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication. | ||||
| CVE-2022-28173 | 1 Hikvision | 4 Ds-3wf01c-2n\/o, Ds-3wf01c-2n\/o Firmware, Ds-3wf0ac-2nt and 1 more | 2025-04-16 | 9.1 Critical |
| The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. | ||||
| CVE-2022-31683 | 1 Pivotal Software | 1 Concourse | 2025-04-16 | 5.4 Medium |
| Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team. | ||||
| CVE-2022-44643 | 2 Amd, Grafana | 2 Amd64, Enterprise Metrics | 2025-04-15 | 5.7 Medium |
| A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64. | ||||
| CVE-2022-3186 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2025-04-15 | 8.6 High |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information. | ||||
| CVE-2021-40419 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | ||||