Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6289 | 1 Swteplugins | 1 Swift Performance | 2025-05-07 | N/A | 4.3 MEDIUM |
|
The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
|
|||||
| CVE-2023-50272 | 1 Hpe | 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more | 2025-05-07 | N/A | 7.5 HIGH |
|
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass.
|
|||||
| CVE-2024-58113 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 5.3 MEDIUM |
|
Vulnerability of improper resource management in the memory management module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2021-47293 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_skbmod: Skip non-Ethernet packets
Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2
protocol, which is not always the case. As an example, for CAN devices:
$ ip link add dev vcan0 type vcan
$ ip link set up vcan0
$ tc qdisc add dev vcan0 root handle 1: htb
$ tc filter add dev vcan0 parent 1: protocol ip prio 10 \
matchall action skbmod swap mac
Doing the above silently corrupts al ...
Show More |
|||||
| CVE-2022-41986 | 1 Iij | 1 Iij Smartkey | 2025-05-07 | N/A | 7.5 HIGH |
|
Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.
|
|||||
| CVE-2025-45320 | 1 Lopalopa | 1 Online Service Management Portal | 2025-05-07 | N/A | 5.3 MEDIUM |
|
A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
|
|||||
| CVE-2025-4271 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-4270 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-56196 | 1 Apache | 1 Traffic Server | 2025-05-07 | N/A | 6.3 MEDIUM |
|
Improper Access Control vulnerability in Apache Traffic Server.
This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3.
Users are recommended to upgrade to version 10.0.4, which fixes the issue.
|
|||||
| CVE-2024-25029 | 1 Ibm | 1 Personal Communications | 2025-05-07 | N/A | 9.0 CRITICAL |
|
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
|
|||||
| CVE-2022-2826 | 1 Gitlab | 1 Gitlab | 2025-05-07 | N/A | 2.7 LOW |
|
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
|
|||||
| CVE-2024-20283 | 1 Cisco | 1 Nexus Dashboard | 2025-05-07 | N/A | 4.3 MEDIUM |
|
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.
This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.
|
|||||
| CVE-2022-37915 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
|
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machi ...
Show More |
|||||
| CVE-2022-37914 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
|
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specificall ...
Show More |
|||||
| CVE-2022-37913 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
|
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specificall ...
Show More |
|||||
| CVE-2022-43766 | 1 Apache | 1 Iotdb | 2025-05-07 | N/A | 7.5 HIGH |
|
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.
|
|||||
| CVE-2022-43285 | 1 F5 | 1 Njs | 2025-05-07 | N/A | 7.5 HIGH |
|
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
|
|||||
| CVE-2022-33757 | 1 Tenable | 1 Nessus | 2025-05-07 | N/A | 6.5 MEDIUM |
|
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
|
|||||
| CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | N/A | 7.8 HIGH |
|
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.
|
|||||
| CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | N/A | 5.5 MEDIUM |
|
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
|
|||||
| CVE-2020-21016 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
|
|||||
| CVE-2023-7232 | 1 Wpbackitup | 1 Backup And Restore Wordpress | 2025-05-07 | N/A | 5.3 MEDIUM |
|
The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data
|
|||||
| CVE-2024-1745 | 1 Radiustheme | 1 Testimonial Slider And Showcase | 2025-05-07 | N/A | 4.3 MEDIUM |
|
The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them.
|
|||||
| CVE-2022-32927 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | N/A | 7.5 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. Joining a malicious Wi-Fi network may result in a denial-of-service of the Settings app.
|
|||||
| CVE-2022-32926 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | N/A | 6.7 MEDIUM |
|
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16. An app with root privileges may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32918 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences.
|
|||||
| CVE-2022-32913 | 1 Apple | 4 Iphone Os, Macos, Tvos and 1 more | 2025-05-06 | N/A | 3.3 LOW |
|
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.
|
|||||
| CVE-2022-32907 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-05-06 | N/A | 7.8 HIGH |
|
This issue was addressed with improved checks. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32904 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
|
|||||
| CVE-2022-32867 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 2.4 LOW |
|
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.
|
|||||
| CVE-2022-32866 | 1 Apple | 3 Macos, Tvos, Watchos | 2025-05-06 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32865 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32862 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information.
|
|||||
| CVE-2022-32859 | 1 Apple | 1 Iphone Os | 2025-05-06 | N/A | 5.3 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.
|
|||||
| CVE-2022-32858 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state.
|
|||||
| CVE-2022-32835 | 1 Apple | 2 Iphone Os, Watchos | 2025-05-06 | N/A | 3.3 LOW |
|
This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.
|
|||||
| CVE-2022-32794 | 1 Apple | 2 Mac Os X, Macos | 2025-05-06 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.
|
|||||
| CVE-2022-22677 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | N/A | 4.3 MEDIUM |
|
A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call.
|
|||||
| CVE-2022-32940 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | N/A | 7.8 HIGH |
|
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32939 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | N/A | 7.8 HIGH |
|
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges.
|
|||||