Total: 29869 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-32228 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM | An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. |
| CVE-2022-23144 | 1 Zte | 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more | 2025-05-22 | N/A | 9.1 CRITICAL | There is a broken access control vulnerability in the ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of the system. |
| CVE-2022-32229 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | N/A | 4.3 MEDIUM | An information disclosure vulnerability exists in Rocket.Chat <v5 because /api/v1/chat.getThreadsList lacks sanitization of user inputs and can therefore leak private thread messages to unauthorized users via MongoDB injection. |
| CVE-2022-40785 | 1 Mipcm | 2 Mipc Camera, Mipc Camera Firmware | 2025-05-22 | N/A | 8.8 HIGH | Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app. |
| CVE-2022-3047 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. |
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 6.5 MEDIUM | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2022-2860 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. |
| CVE-2025-20955 | 1 Samsung | 1 Android | 2025-05-21 | N/A | 5.5 MEDIUM | Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. |
| CVE-2025-20959 | 1 Samsung | 1 Android | 2025-05-21 | N/A | 5.1 MEDIUM | Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2022-3054 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2024-20294 | 1 Cisco | 247 Firepower 4110, Firepower 4112, Firepower 4115 and 244 more | 2025-05-21 | N/A | 6.6 MEDIUM | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from ... |
| CVE-2025-22387 | 1 Optimizely | 1 Configured Commerce | 2025-05-21 | N/A | 7.5 HIGH | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking. |
| CVE-2022-3272 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-21 | N/A | 7.5 HIGH | Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. |
| CVE-2022-3057 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | N/A | 6.5 MEDIUM | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | N/A | 6.5 MEDIUM | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2025-33072 | 1 Microsoft | 1 Msagsfeedback.azurewebsites.net | 2025-05-21 | N/A | 8.1 HIGH | Improper access control in Azure allows an unauthorized attacker to disclose information over a network. |
| CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-05-20 | N/A | 9.8 CRITICAL | In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. |
| CVE-2025-22384 | 1 Optimizely | 1 Configured Commerce | 2025-05-20 | N/A | 7.5 HIGH | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity business logic issue exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server. |
| CVE-2022-1959 | 1 Spsoftmobile | 1 Applock | 2025-05-20 | N/A | 6.6 MEDIUM | AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. |
| CVE-2025-23382 | 1 Dell | 1 Secure Connect Gateway | 2025-05-20 | N/A | 5.5 MEDIUM | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version 5.26, contains an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure. |
| CVE-2022-42717 | 2 Hashicorp, Linux | 2 Vagrant, Linux Kernel | 2025-05-20 | N/A | 7.8 HIGH | An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. |
| CVE-2023-27342 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-20 | N/A | 7.8 HIGH | PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of a user-supplied value prior to d ... |
| CVE-2022-42042 | 1 Democritus | 1 D8s-networking | 2025-05-19 | N/A | 9.8 CRITICAL | The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. |
| CVE-2022-42041 | 1 Democritus | 1 D8s-file-system | 2025-05-19 | N/A | 9.8 CRITICAL | The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. |
| CVE-2023-39501 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH | PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of a user-supplied value prior to ... |
| CVE-2023-39505 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 5.5 MEDIUM | PDF-XChange Editor Net.HTTP.requests Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Net.HTTP.requests method. The issue results from the exposure of a dangerous function. An attacker can ... |
| CVE-2023-40471 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH | PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of proper validation of a user-supplied value prior to dereferenci ... |
| CVE-2023-40472 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH | PDF-XChange Editor JavaScript String Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of strings. The issue results from the lack of proper validation of a user-supplied value prior to d ... |
| CVE-2023-39493 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 7.8 HIGH | PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsText method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker ca ... |
| CVE-2023-39495 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-05-19 | N/A | 5.5 MEDIUM | PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the readFileIntoStream method. The issue results from the exposure of a dangerous function. An attacker ca ... |
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-05-19 | N/A | 7.0 HIGH | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| CVE-2024-3673 | 1 Salephpscripts | 1 Web Directory Free | 2025-05-16 | N/A | 9.1 CRITICAL | The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues. |
| CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2025-05-16 | N/A | 9.8 CRITICAL | Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2. |
| CVE-2025-4118 | 1 Weitong | 1 Mall | 2025-05-16 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-22464 | 1 Ivanti | 1 Endpoint Manager | 2025-05-16 | N/A | 6.1 MEDIUM | An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory, causing a denial-of-service condition. |
| CVE-2023-47354 | 1 Binhdrm26 | 1 Super Reboot | 2025-05-15 | N/A | 7.8 HIGH | An issue in the PowerOffWidgetReceiver function of Super Reboot (Root) Recovery v1.0.3 allows attackers to arbitrarily reset or power off the device via a crafted intent. |
| CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2025-05-15 | N/A | 5.5 MEDIUM | IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. |
| CVE-2025-4660 | 2 Forescout, Microsoft | 2 Secureconnector, Windows | 2025-05-15 | N/A | 9.8 CRITICAL | A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secu ... |
| CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2025-05-15 | N/A | 8.8 HIGH | Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. |
| CVE-2022-39064 | 1 Ikea | 2 Tradfri Led1732g11, Tradfri Led1732g11 Firmware | 2025-05-15 | N/A | 8.1 HIGH | An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is a ... |
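The two Rocket.Chat entries above (CVE-2022-32228 and CVE-2022-32229) describe one bug class: a Meteor method or REST endpoint takes a JSON-decoded argument and places it directly in a MongoDB filter, so a client that sends an operator object such as `{"$regex": "^7"}` where a string ID was expected turns an exact-match lookup into a pattern search. The Python below is an added illustration and is not Rocket.Chat's code. It replaces MongoDB with a tiny in-memory matcher that understands only equality and `$regex`, keeps the message IDs and the handler names `vulnerable_get_read_receipts` / `hardened_get_read_receipts` as constructed stand-ins, and shows how the operator injection lets an attacker recover every ID with a prefix walk instead of guessing the whole keyspace, and how a type check on the argument stops it.

```python
import re

# Constructed sample collection; the IDs are what the attacker wants to enumerate.
MESSAGES = [
    {"_id": "7b2f", "rid": "general", "msg": "hello"},
    {"_id": "7b9c", "rid": "general", "msg": "secret"},
    {"_id": "e01a", "rid": "private", "msg": "budget"},
]


def _matches(value, condition):
    """Minimal stand-in for MongoDB filter semantics: plain equality or a
    {"$regex": ...} operator object. Real MongoDB accepts many more operators;
    only the one named in the CVE text is modelled here."""
    if isinstance(condition, dict):
        if set(condition) == {"$regex"}:
            return re.search(condition["$regex"], value) is not None
        raise ValueError("unsupported operator in filter")
    return value == condition


def find(filter_doc):
    """Evaluate a filter document against the sample collection."""
    return [d for d in MESSAGES if all(_matches(d[k], v) for k, v in filter_doc.items())]


def vulnerable_get_read_receipts(message_id):
    """Vulnerable pattern: the JSON-decoded argument goes straight into the
    filter, so a dict supplied by the client becomes a query operator."""
    return find({"_id": message_id})


def hardened_get_read_receipts(message_id):
    """Hardened pattern: refuse anything but a string before it reaches the query."""
    if not isinstance(message_id, str):
        raise TypeError("messageId must be a string")
    return find({"_id": message_id})


def enumerate_ids(oracle, alphabet, max_len):
    """Recover every ID by walking the prefix tree, one $regex query per step.
    `oracle(payload)` returns True when the server answers with at least one record."""
    found = []

    def walk(prefix):
        # An anchored pattern tells us whether the prefix is itself a complete ID.
        if prefix and oracle({"$regex": "^" + re.escape(prefix) + "$"}):
            found.append(prefix)
        if len(prefix) >= max_len:
            return
        for ch in alphabet:
            candidate = prefix + ch
            # Only descend into prefixes that match at least one document.
            if oracle({"$regex": "^" + re.escape(candidate)}):
                walk(candidate)

    walk("")
    return sorted(found)


def run_attack():
    """Drive the enumeration against the vulnerable handler; return (ids, query count)."""
    queries = []

    def oracle(payload):
        queries.append(payload)
        return bool(vulnerable_get_read_receipts(payload))

    ids = enumerate_ids(oracle, "0123456789abcdef", max_len=4)
    return ids, len(queries)


def rejects_operator(payload):
    """True when the hardened handler refuses a non-string argument."""
    try:
        hardened_get_read_receipts(payload)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    ids, n = run_attack()
    print(f"recovered {ids} with {n} queries (brute force would need up to {16 ** 4})")
    print("hardened handler rejects operator object:", rejects_operator({"$regex": "^7"}))
```

The type check is the minimal fix; a stricter server would also validate the ID against the format it issues (length and alphabet) and keep untrusted values out of any position where the driver interprets objects as operators.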
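CVE-2022-42717 above turns on a wildcard in a sudoers command specification: once `*` or `?` appears in a rule's command path or arguments, the caller controls more of the root-executed command line than the rule's author intended. The following Python is an added audit helper, not part of Vagrant or of any sudo tooling. It parses the subset of sudoers syntax seen in ordinary rule and `Cmnd_Alias` lines (no `\` continuations, no `#include` directives) and flags commands whose path contains a wildcard, whose arguments contain a wildcard, or that grant `ALL`. The sample file it runs on is constructed for the example and is not the configuration Vagrant's documentation recommended.

```python
import re

# Tags that may prefix a command in a sudoers Cmnd_Spec (see sudoers(5)).
_TAG_RE = re.compile(
    r"^(?:NO)?(?:PASSWD|EXEC|SETENV|LOG_INPUT|LOG_OUTPUT|MAIL|FOLLOW|INTERCEPT):\s*"
)
# Line types that never carry a command specification.
_SKIP_PREFIXES = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")


def _split_commands(spec):
    """Turn the right-hand side of a rule into bare command strings.
    Assumes no commas inside the (runas) list and no line continuations."""
    spec = spec.strip()
    if spec.startswith("("):  # drop the (runas_user:runas_group) part
        spec = spec[spec.index(")") + 1:]
    commands = []
    for cmd in spec.split(","):
        cmd = cmd.strip()
        while True:  # strip any number of leading tags such as NOPASSWD:
            m = _TAG_RE.match(cmd)
            if not m:
                break
            cmd = cmd[m.end():]
        if cmd:
            commands.append(cmd)
    return commands


def classify(cmd):
    """Return None for a fully specified command, otherwise why it is risky:
    'all' for ALL, 'path' for a wildcard in the program path, 'args' for a
    wildcard in the argument list."""
    if cmd == "ALL":
        return "all"
    tokens = cmd.split()
    if any(ch in tokens[0] for ch in "*?"):
        return "path"
    if any(ch in tok for tok in tokens[1:] for ch in "*?"):
        return "args"
    return None


def find_wildcard_rules(text):
    """Scan sudoers text and return one finding per risky command."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (breaks on #include)
        if not line or line.startswith(_SKIP_PREFIXES):
            continue
        if line.startswith("Cmnd_Alias"):
            name, _, spec = line[len("Cmnd_Alias"):].partition("=")
            principal = "Cmnd_Alias " + name.strip()
        else:
            principal, _, spec = line.partition("=")  # "user host" before the '='
            principal = principal.strip()
        for cmd in _split_commands(spec):
            kind = classify(cmd)
            if kind:
                findings.append(
                    {"line": lineno, "principal": principal, "command": cmd, "kind": kind}
                )
    return findings


# Constructed sample; not the file Vagrant's documentation recommended.
SAMPLE_SUDOERS = """\
# constructed sudoers fragment for the audit example
Defaults env_reset
Cmnd_Alias EXPORTS_EDIT = /usr/bin/tee -a /etc/exports, /bin/sed -E -e * -ibak /etc/exports
deploy ALL=(root) NOPASSWD: EXPORTS_EDIT
deploy ALL=(root) NOPASSWD: /usr/bin/*
deploy ALL=(root) NOPASSWD: /usr/sbin/exportfs -ar
alice ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for f in find_wildcard_rules(SAMPLE_SUDOERS):
        print(f"line {f['line']}: {f['principal']}: {f['command']!r} ({f['kind']})")
```

A wildcard in the argument list is flagged as well as one in the path because an argument wildcard still lets the caller pass extra options to the program, and for editors, interpreters and tools with shell escapes that is enough to run arbitrary commands as root. Run the scanner over the output of `sudo -l` or `visudo -c -f <file>` material only after confirming the file uses the syntax subset it parses.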