Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20904 | 1 Oracle | 1 Business Intelligence | 2025-05-15 | N/A | 5.0 MEDIUM |
|
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Succ ...
Show More |
|||||
| CVE-2022-28887 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2025-05-15 | N/A | 4.3 MEDIUM |
|
Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.
|
|||||
| CVE-2022-42902 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2025-05-15 | N/A | 8.8 HIGH |
|
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
|
|||||
| CVE-2025-3744 | 1 Hashicorp | 1 Nomad | 2025-05-15 | N/A | 7.6 HIGH |
|
Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.
|
|||||
| CVE-2024-20977 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql | 2025-05-15 | N/A | 6.5 MEDIUM |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability ...
Show More |
|||||
| CVE-2024-20948 | 1 Oracle | 1 Knowledge Management | 2025-05-15 | N/A | 6.1 MEDIUM |
|
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional pro ...
Show More |
|||||
| CVE-2022-20464 | 1 Google | 1 Android | 2025-05-15 | N/A | 5.5 MEDIUM |
|
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A
|
|||||
| CVE-2024-23206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-15 | N/A | 6.5 MEDIUM |
|
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
|
|||||
| CVE-2024-0809 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-15 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-40469 | 1 Ikuai8 | 1 Ikuaios | 2025-05-15 | N/A | 8.8 HIGH |
|
iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
|
|||||
| CVE-2022-38982 | 1 Huawei | 1 Harmonyos | 2025-05-15 | N/A | 9.8 CRITICAL |
|
The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.
|
|||||
| CVE-2022-32931 | 1 Apple | 1 Macos | 2025-05-15 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information.
|
|||||
| CVE-2024-3748 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | N/A | 6.5 MEDIUM |
|
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user
|
|||||
| CVE-2024-3749 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | N/A | 6.5 MEDIUM |
|
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user
|
|||||
| CVE-2024-1204 | 1 Metabox | 1 Meta Box | 2025-05-15 | N/A | 4.3 MEDIUM |
|
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts.
|
|||||
| CVE-2022-42142 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-14 | N/A | 7.2 HIGH |
|
Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.
|
|||||
| CVE-2022-41588 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
|
The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.
|
|||||
| CVE-2022-41586 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
|
The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2022-41471 | 1 74cms | 1 74cmsse | 2025-05-14 | N/A | 6.5 MEDIUM |
|
74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.
|
|||||
| CVE-2024-5333 | 1 Stellarwp | 1 The Events Calendar | 2025-05-14 | N/A | 5.3 MEDIUM |
|
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.
|
|||||
| CVE-2023-52030 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-14 | N/A | 9.8 CRITICAL |
|
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
|
|||||
| CVE-2022-41589 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
|
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
|
|||||
| CVE-2022-41582 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
|
The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.
|
|||||
| CVE-2022-41581 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 9.1 CRITICAL |
|
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
|
|||||
| CVE-2022-41576 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.8 HIGH |
|
The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
|
|||||
| CVE-2024-0340 | 1 Linux | 1 Linux Kernel | 2025-05-14 | N/A | 4.4 MEDIUM |
|
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
|
|||||
| CVE-2024-13117 | 1 Artlosk | 1 Share Buttons | 2025-05-13 | N/A | 6.5 MEDIUM |
|
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded
|
|||||
| CVE-2025-20953 | 1 Samsung | 1 Android | 2025-05-13 | N/A | 5.1 MEDIUM |
|
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
|
|||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | N/A | 9.8 CRITICAL |
|
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
|
|||||
| CVE-2024-21090 | 1 Oracle | 1 Mysql Connector\/python | 2025-05-13 | N/A | 7.5 HIGH |
|
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). ...
Show More |
|||||
| CVE-2025-24899 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | N/A | 7.5 HIGH |
|
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a G ...
Show More |
|||||
| CVE-2025-24968 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | N/A | 8.8 HIGH |
|
reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and ...
Show More |
|||||
| CVE-2024-25148 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-13 | N/A | 5.4 MEDIUM |
|
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.
|
|||||
| CVE-2021-33330 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the targeted user’s email address and current CSRF token.
|
|||||
| CVE-2020-15840 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
|
|||||
| CVE-2022-3066 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 5.4 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
|
|||||
| CVE-2022-3288 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 3.5 LOW |
|
A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.
|
|||||
| CVE-2022-3286 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 5.3 MEDIUM |
|
Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a deploy token
|
|||||
| CVE-2025-30158 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 7.1 HIGH |
|
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0.
|
|||||
| CVE-2025-31118 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 7.1 HIGH |
|
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.
|
|||||