Total
10511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27043 | 3 Fedoraproject, Netapp, Python | 4 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2025-05-19 | N/A | 5.3 MEDIUM |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | |||||
| CVE-2025-22235 | 2025-05-16 | N/A | 7.3 HIGH | ||
| EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection | |||||
| CVE-2025-32706 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-16 | N/A | 7.8 HIGH |
| Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47777 | 2025-05-16 | N/A | 9.6 CRITICAL | ||
| 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue. | |||||
| CVE-2025-20034 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2025-20032 | 2025-05-16 | N/A | 7.9 HIGH | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2025-20031 | 2025-05-16 | N/A | 6.5 MEDIUM | ||
| Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-24308 | 2025-05-16 | N/A | 7.5 HIGH | ||
| Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20009 | 2025-05-16 | N/A | 4.1 MEDIUM | ||
| Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2025-21094 | 2025-05-16 | N/A | 7.5 HIGH | ||
| Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-4762 | 2025-05-16 | N/A | N/A | ||
| Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers. | |||||
| CVE-2025-4701 | 2025-05-16 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host. | |||||
| CVE-2024-53827 | 2025-05-16 | N/A | 7.5 HIGH | ||
| Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation | |||||
| CVE-2025-2305 | 2025-05-16 | N/A | 8.6 HIGH | ||
| A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server. | |||||
| CVE-2025-4742 | 2025-05-16 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-4740 | 2025-05-16 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42175 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | N/A | 2.6 LOW |
| HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow. | |||||
| CVE-2025-3250 | 1 Eladmin | 1 Eladmin | 2025-05-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-38985 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
| The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2024-24981 | 2025-05-14 | N/A | 7.5 HIGH | ||
| Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||