Total: 11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.2 MEDIUM |
|
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
|
|||||
| CVE-2025-48490 | | | 2025-05-30 | N/A | N/A |
|
Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application ...
|
|||||
| CVE-2025-4635 | | | 2025-05-30 | N/A | 6.6 MEDIUM |
|
A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user.
|
|||||
| CVE-2024-51392 | | | 2025-05-30 | N/A | 8.8 HIGH |
|
An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component.
|
|||||
| CVE-2024-40458 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
|
An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
|
|||||
| CVE-2022-35773 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-05-29 | N/A | 7.8 HIGH |
|
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2022-37395 | 1 Huawei | 2 Cv81-wdm Fw, Cv81-wdm Fw Firmware | 2025-05-28 | N/A | 7.5 HIGH |
|
A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Affected product versions include: CV81-WDM FW versions 01.70.49.29.46.
|
|||||
| CVE-2025-5148 | | | 2025-05-28 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. An attack has to be approached locally. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of ...
|
|||||
| CVE-2024-29461 | 1 Projectfloodlight | 1 Open Sdn Controller | 2025-05-27 | N/A | 6.3 MEDIUM |
|
An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component.
|
|||||
| CVE-2023-48425 | 1 Google | 2 Chromecast, Chromecast Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
|
U-Boot vulnerability resulting in persistent Code Execution
|
|||||
| CVE-2017-7957 | 3 Debian, Redhat, Xstream | 4 Debian Linux, Fuse, Jboss Middleware and 1 more | 2025-05-23 | 5.0 MEDIUM | 7.5 HIGH |
|
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
|
|||||
| CVE-2024-25010 | | | 2025-05-23 | N/A | 8.8 HIGH |
|
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution.
|
|||||
| CVE-2025-41378 | | | 2025-05-23 | N/A | N/A |
|
The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.
|
|||||
| CVE-2025-41379 | | | 2025-05-23 | N/A | N/A |
|
The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule: the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults.
|
|||||
| CVE-2022-24280 | 1 Apache | 1 Pulsar | 2025-05-22 | N/A | 6.5 MEDIUM |
|
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy auth ...
|
|||||
| CVE-2022-32797 | 1 Apple | 2 Mac Os X, Macos | 2025-05-22 | N/A | 7.1 HIGH |
|
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory.
|
|||||
| CVE-2022-32786 | 1 Apple | 2 Mac Os X, Macos | 2025-05-22 | N/A | 5.5 MEDIUM |
|
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2022-22423 | 2 Ibm, Linux | 5 Aix, Common Cryptographic Architecture, I and 2 more | 2025-05-22 | N/A | 5.5 MEDIUM |
|
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.
|
|||||
| CVE-2022-32226 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM |
|
An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a $regex query can be executed, bypassing the room access permission check for every but the first matching room.
|
|||||
| CVE-2022-20019 | 2 Google, Mediatek | 40 Android, Mt6595, Mt6735 and 37 more | 2025-05-22 | 2.1 LOW | 5.5 MEDIUM |
|
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620.
|
|||||
| CVE-2021-45116 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
|
|||||
| CVE-2022-26707 | 1 Apple | 1 Macos | 2025-05-22 | N/A | 5.5 MEDIUM |
|
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.
|
|||||
| CVE-2025-47282 | | | 2025-05-21 | N/A | 9.9 CRITICAL |
|
Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is ma ...
|
|||||
| CVE-2024-31841 | 1 Italtel | 1 Embrace | 2025-05-21 | N/A | 7.5 HIGH |
|
An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem.
|
|||||
| CVE-2022-36448 | 1 Insyde | 1 Insydeh2o | 2025-05-21 | N/A | 8.2 HIGH |
|
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
|
|||||
| CVE-2022-40277 | 3 Canonical, Joplinapp, Linux | 3 Ubuntu Linux, Joplin, Linux Kernel | 2025-05-20 | N/A | 7.8 HIGH |
|
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.
|
|||||
| CVE-2019-0973 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.
A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting the input sanitization error to preclude unintend ...
|
|||||
| CVE-2019-0722 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 9.0 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
The security update ad ...
|
|||||
| CVE-2019-0713 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 5.5 MEDIUM | 6.8 MEDIUM |
|
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running a ...
|
|||||
| CVE-2019-0711 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2025-05-20 | 5.5 MEDIUM | 6.8 MEDIUM |
|
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running a ...
|
|||||
| CVE-2019-0710 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2025-05-20 | 5.5 MEDIUM | 6.8 MEDIUM |
|
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.
To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running a ...
|
|||||
| CVE-2019-0709 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-05-20 | 7.7 HIGH | 7.6 HIGH |
|
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
The security update ad ...
|
|||||
| CVE-2019-0620 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2025-05-20 | 7.7 HIGH | 7.6 HIGH |
|
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
The security update ad ...
|
|||||
| CVE-2022-41606 | 1 Hashicorp | 1 Nomad | 2025-05-20 | N/A | 6.5 MEDIUM |
|
HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.
|
|||||
| CVE-2022-40923 | 1 Lief-project | 1 Lief | 2025-05-20 | N/A | 6.5 MEDIUM |
|
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
|
|||||
| CVE-2024-12014 | | | 2025-05-20 | N/A | N/A |
|
Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.
|
|||||
| CVE-2023-5964 | 1 1e | 1 Platform | 2025-05-20 | N/A | 9.9 CRITICAL |
|
The 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and ...
|
|||||
| CVE-2025-43560 | 1 Adobe | 1 Coldfusion | 2025-05-19 | N/A | 9.1 CRITICAL |
|
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
|
|||||
| CVE-2025-29955 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-05-19 | N/A | 6.2 MEDIUM |
|
Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.
|
|||||
| CVE-2025-29968 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-05-19 | N/A | 6.5 MEDIUM |
|
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.
|
|||||