Total
399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51748 | 1 Scalefusion | 1 Scalefusion | 2025-06-20 | N/A | 8.8 HIGH |
|
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
|
|||||
| CVE-2023-20573 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2025-06-20 | N/A | 3.2 LOW |
|
A privileged attacker
can prevent delivery of debug exceptions to SEV-SNP guests potentially
resulting in guests not receiving expected debug information.
|
|||||
| CVE-2022-33631 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-06-05 | N/A | 7.3 HIGH |
|
Microsoft Excel Security Feature Bypass Vulnerability
|
|||||
| CVE-2020-16198 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-04 | 5.8 MEDIUM | 5.0 MEDIUM |
|
When an attacker claims to have a given identity,
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not prove or insufficiently proves the claim is correct.
|
|||||
| CVE-2025-31189 | 1 Apple | 1 Macos | 2025-06-02 | N/A | 8.2 HIGH |
|
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
|
|||||
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 4.6 MEDIUM | 7.8 HIGH |
|
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
|
|||||
| CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-28 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution.
|
|||||
| CVE-2022-26696 | 1 Apple | 1 Macos | 2025-05-28 | N/A | 8.8 HIGH |
|
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.
|
|||||
| CVE-2019-13535 | 1 Medtronic | 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more | 2025-05-22 | 2.1 LOW | 4.6 MEDIUM |
|
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.
|
|||||
| CVE-2024-0804 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 7.5 HIGH |
|
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-0747 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-22 | N/A | 6.5 MEDIUM |
|
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
|
|||||
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
|
|||||
| CVE-2022-32845 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-22 | N/A | 10.0 CRITICAL |
|
This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox.
|
|||||
| CVE-2025-41232 | 2025-05-21 | N/A | 9.1 CRITICAL | ||
|
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.
Your application may be affected by this if the following are true:
* You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and
* You have Spring Security method annotations on a private method
In that case, the target method may be able to be invoked without proper authorization.
You are not affected if:
* You are not usin ...
Show More |
|||||
| CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | N/A | 6.5 MEDIUM |
|
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
|
|||||
| CVE-2025-21081 | 2025-05-16 | N/A | 4.5 MEDIUM | ||
|
Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-20464 | 1 Google | 1 Android | 2025-05-15 | N/A | 5.5 MEDIUM |
|
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A
|
|||||
| CVE-2024-0809 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-15 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-39011 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
|
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
|
|||||
| CVE-2022-43424 | 1 Jenkins | 2 Compuware Xpediter Code Coverage, Jenkins | 2025-05-08 | N/A | 5.3 MEDIUM |
|
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
|
|||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2025-05-08 | N/A | 5.3 MEDIUM |
|
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
|
|||||
| CVE-2022-43434 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-05-08 | N/A | 5.3 MEDIUM |
|
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
|
|||||
| CVE-2022-43433 | 1 Jenkins | 1 Screenrecorder | 2025-05-08 | N/A | 4.3 MEDIUM |
|
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
|
|||||
| CVE-2022-43432 | 1 Jenkins | 1 Xframium Builder | 2025-05-08 | N/A | 4.3 MEDIUM |
|
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
|
|||||
| CVE-2022-43422 | 1 Jenkins | 2 Compuware Topaz Utilities, Jenkins | 2025-05-08 | N/A | 5.3 MEDIUM |
|
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
|
|||||
| CVE-2023-32006 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2025-05-08 | N/A | 8.8 HIGH |
|
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.
Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
|
|||||
| CVE-2024-25744 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 8.8 HIGH |
|
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
|
|||||
| CVE-2022-32910 | 1 Apple | 2 Mac Os X, Macos | 2025-05-06 | N/A | 7.5 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.
|
|||||
| CVE-2021-31608 | 1 Proofpoint | 1 Enterprise Protection | 2025-04-30 | N/A | 4.3 MEDIUM |
|
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
|
|||||
| CVE-2024-29510 | 1 Artifex | 1 Ghostscript | 2025-04-28 | N/A | 6.3 MEDIUM |
|
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
|
|||||
| CVE-2022-42801 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-42821 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.
|
|||||
| CVE-2022-42848 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2025-04-21 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-46698 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2025-04-21 | N/A | 6.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.
|
|||||
| CVE-2022-20562 | 1 Google | 1 Android | 2025-04-21 | N/A | 3.3 LOW |
|
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231630423References: N/A
|
|||||
| CVE-2017-8864 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.
|
|||||
| CVE-2017-2685 | 1 Siemens | 3 Sinumerik Integrate Access Mymachine\/ethernet, Sinumerik Integrate Operate Client, Sinumerik Operate | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
|
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.
|
|||||
| CVE-2017-10952 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage ...
Show More |
|||||
| CVE-2021-32960 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-17 | 6.0 MEDIUM | 8.5 HIGH |
|
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.
|
|||||
| CVE-2021-27497 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-17 | 7.5 HIGH | 6.5 MEDIUM |
|
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
|
|||||