Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32890 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 8.6 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. A sandboxed process may be able to circumvent sandbox restrictions.
|
|||||
| CVE-2022-32870 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 2.4 LOW |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information.
|
|||||
| CVE-2022-47894 | 1 Apache | 1 Zeppelin | 2025-05-05 | N/A | 5.3 MEDIUM |
|
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component
NOTE: This vulnerability only affects products that are no longer s ...
|
|||||
| CVE-2024-31862 | 1 Apache | 1 Zeppelin | 2025-05-05 | N/A | 5.3 MEDIUM |
|
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
|
|||||
| CVE-2024-31865 | 1 Apache | 1 Zeppelin | 2025-05-05 | N/A | 6.5 MEDIUM |
|
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
|
|||||
| CVE-2022-42327 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-05-05 | N/A | 7.1 HIGH |
|
x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.
|
|||||
| CVE-2024-31867 | 1 Apache | 1 Zeppelin | 2025-05-05 | N/A | 6.5 MEDIUM |
|
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
|
|||||
| CVE-2024-1983 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-05 | N/A | 7.1 HIGH |
|
The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.
|
|||||
| CVE-2022-43351 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | N/A | 6.5 MEDIUM |
|
Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.
|
|||||
| CVE-2022-43319 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2025-05-05 | N/A | 7.5 HIGH |
|
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
|
|||||
| CVE-2024-35384 | 1 Cesanta | 1 Mjs | 2025-05-05 | N/A | 5.5 MEDIUM |
|
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.
|
|||||
| CVE-2022-42798 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-05 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information.
|
|||||
| CVE-2022-36338 | 1 Insyde | 1 Insydeh2o | 2025-05-05 | N/A | 8.2 HIGH |
|
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.
|
|||||
| CVE-2022-35252 | 5 Apple, Debian, Haxx and 2 more | 18 Macos, Debian Linux, Curl and 15 more | 2025-05-05 | N/A | 3.7 LOW |
|
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.
|
|||||
| CVE-2022-32899 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-05 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32898 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-05 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32889 | 1 Apple | 2 Iphone Os, Watchos | 2025-05-05 | N/A | 7.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-28697 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2025-05-05 | N/A | 6.8 MEDIUM |
|
Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
|
|||||
| CVE-2022-26373 | 2 Debian, Intel | 983 Debian Linux, Celeron 5305u, Celeron 5305u Firmware and 980 more | 2025-05-05 | N/A | 5.5 MEDIUM |
|
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
|
|||||
| CVE-2022-24297 | 1 Intel | 118 Lapbc510, Lapbc510 Firmware, Lapbc710 and 115 more | 2025-05-05 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-21233 | 1 Intel | 668 Atom C3308, Atom C3308 Firmware, Atom C3336 and 665 more | 2025-05-05 | N/A | 5.5 MEDIUM |
|
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
|
|||||
| CVE-2022-21229 | 1 Intel | 5 Control Center, Lapqc71a, Lapqc71b and 2 more | 2025-05-05 | N/A | 7.8 HIGH |
|
Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-0004 | 1 Intel | 796 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 793 more | 2025-05-05 | 7.2 HIGH | 6.8 MEDIUM |
|
Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
|
|||||
| CVE-2022-0002 | 2 Intel, Oracle | 504 Atom C3308, Atom C3336, Atom C3338 and 501 more | 2025-05-05 | 2.1 LOW | 6.5 MEDIUM |
|
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
|
|||||
| CVE-2022-0001 | 2 Intel, Oracle | 458 Atom P5921b, Atom P5931b, Atom P5942b and 455 more | 2025-05-05 | 2.1 LOW | 6.5 MEDIUM |
|
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
|
|||||
| CVE-2021-33103 | 1 Intel | 386 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 383 more | 2025-05-05 | 7.2 HIGH | 6.7 MEDIUM |
|
Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
|
|||||
| CVE-2021-0117 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2025-05-05 | 4.6 MEDIUM | 7.8 HIGH |
|
Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
|
|||||
| CVE-2020-9802 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
|
|||||
| CVE-2024-35386 | 1 Cesanta | 1 Mjs | 2025-05-05 | N/A | 7.5 HIGH |
|
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.
|
|||||
| CVE-2023-46145 | 1 Themify | 1 Ultra | 2025-05-05 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation. This issue affects Themify Ultra: from n/a through 7.3.5.
|
|||||
| CVE-2023-38743 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-05-05 | N/A | 7.2 HIGH |
|
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
|
|||||
| CVE-2023-38600 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-05 | N/A | 8.8 HIGH |
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.
|
|||||
| CVE-2023-35074 | 2 Apple, Fedoraproject | 7 Ipados, Iphone Os, Macos and 4 more | 2025-05-05 | N/A | 8.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
|
|||||
| CVE-2023-2726 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
|
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2023-29059 | 1 3cx | 1 3cx | 2025-05-05 | N/A | 7.8 HIGH |
|
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application.
|
|||||
| CVE-2023-28005 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2025-05-05 | N/A | 6.8 MEDIUM |
|
A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device.
An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE ...
|
|||||
| CVE-2023-26609 | 1 Abus | 2 Tvip 20000-21150, Tvip 20000-21150 Firmware | 2025-05-05 | N/A | 7.2 HIGH |
|
ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.
|
|||||
| CVE-2023-24678 | 1 Centralite | 2 Pearl, Pearl Firmware | 2025-05-05 | N/A | 7.5 HIGH |
|
A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message.
|
|||||
| CVE-2023-22995 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 7.8 HIGH |
|
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
|
|||||
| CVE-2023-20873 | 1 Vmware | 1 Spring Boot | 2025-05-05 | N/A | 9.8 CRITICAL |
|
In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
|
|||||