Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32840 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-29 | N/A | 7.8 HIGH |
|
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32838 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2025-05-29 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.
|
|||||
| CVE-2022-32837 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-29 | N/A | 7.8 HIGH |
|
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.
|
|||||
| CVE-2022-32834 | 1 Apple | 2 Mac Os X, Macos | 2025-05-29 | N/A | 5.5 MEDIUM |
|
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.
|
|||||
| CVE-2022-32813 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-29 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2023-47189 | 1 Wpmudev | 1 Defender | 2025-05-29 | N/A | 5.3 MEDIUM |
|
Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.2.0.
|
|||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
|
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
|
|||||
| CVE-2024-23739 | 2 Apple, Discord | 2 Macos, Discord | 2025-05-29 | N/A | 9.8 CRITICAL |
|
An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
|
|||||
| CVE-2024-20253 | 1 Cisco | 5 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unified Contact Center Express and 2 more | 2025-05-29 | N/A | 9.9 CRITICAL |
|
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the u ...
|
|||||
| CVE-2023-48128 | 1 Linecorp | 1 Line | 2025-05-29 | N/A | 5.4 MEDIUM |
|
An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-48126 | 1 Linecorp | 1 Line | 2025-05-29 | N/A | 5.4 MEDIUM |
|
An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2022-28204 | 1 Mediawiki | 1 Mediawiki | 2025-05-29 | N/A | 7.5 HIGH |
|
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
|
|||||
| CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.3 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
|
|||||
| CVE-2022-35065 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | N/A | 6.5 MEDIUM |
|
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.
|
|||||
| CVE-2022-32911 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-29 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32883 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-29 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.
|
|||||
| CVE-2025-21224 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-05-29 | N/A | 8.1 HIGH |
|
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
|
|||||
| CVE-2023-40076 | 1 Google | 1 Android | 2025-05-29 | N/A | 5.5 MEDIUM |
|
In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-21216 | 1 Google | 1 Android | 2025-05-29 | N/A | 9.8 CRITICAL |
|
In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2022-41138 | 1 Zutty Project | 1 Zutty | 2025-05-29 | N/A | 9.8 CRITICAL |
|
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
|
|||||
| CVE-2022-37883 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-29 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these sec ...
|
|||||
| CVE-2022-28639 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-29 | N/A | 8.8 HIGH |
|
A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
|
|||||
| CVE-2022-28638 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-29 | N/A | 7.8 HIGH |
|
An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities.
|
|||||
| CVE-2017-20148 | 1 Debian | 1 Logcheck | 2025-05-29 | N/A | 9.8 CRITICAL |
|
In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.
|
|||||
| CVE-2017-20147 | 1 Smokeping | 1 Smokeping | 2025-05-29 | N/A | 6.5 MEDIUM |
|
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
|
|||||
| CVE-2016-20015 | 1 Smokeping | 1 Smokeping | 2025-05-29 | N/A | 7.5 HIGH |
|
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
|
|||||
| CVE-2024-9926 | 1 Automattic | 1 Jetpack | 2025-05-28 | N/A | 4.3 MEDIUM |
|
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedback data sent via the Jetpack Contact Form.
|
|||||
| CVE-2024-13189 | 1 Zerowdd | 1 Myblog | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-5709 | 1 Wpbakery | 1 Page Builder | 2025-05-28 | N/A | 8.8 HIGH |
|
The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code ex ...
|
|||||
| CVE-2024-7704 | 1 Weaver | 1 E-cology | 2025-05-28 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-25225 | 1 Hikashop | 1 Hikashop | 2025-05-28 | N/A | 6.5 MEDIUM |
|
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.
|
|||||
| CVE-2023-6512 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-28 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2025-05-28 | N/A | 8.2 HIGH |
|
An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2022-37884 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.5 HIGH |
|
A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability.
|
|||||
| CVE-2022-37882 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these sec ...
|
|||||
| CVE-2022-37881 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these sec ...
|
|||||
| CVE-2022-37880 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these sec ...
|
|||||
| CVE-2022-37879 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
|
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these sec ...
|
|||||
| CVE-2022-32880 | 1 Apple | 1 Macos | 2025-05-28 | N/A | 6.5 MEDIUM |
|
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data.
|
|||||
| CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-28 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution.
|
|||||