Total
10313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22342 | 1 Intel | 1 Thunderbolt Dch Driver | 2025-05-12 | N/A | 7.7 HIGH |
| Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-10635 | 1 Proofpoint | 1 Enterprise Protection | 2025-05-10 | N/A | 6.1 MEDIUM |
| Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system. | |||||
| CVE-2024-45577 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | |||||
| CVE-2024-45579 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | |||||
| CVE-2024-49844 | 1 Qualcomm | 362 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 359 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while triggering commands in the PlayReady Trusted application. | |||||
| CVE-2024-49845 | 1 Qualcomm | 292 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 289 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during the FRS UDS generation process. | |||||
| CVE-2025-21460 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | |||||
| CVE-2022-1414 | 1 Redhat | 1 3scale Api Management | 2025-05-09 | N/A | 8.8 HIGH |
| 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. | |||||
| CVE-2024-11636 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | N/A | 4.8 MEDIUM |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-27612 | 1 Numbas | 1 Editor | 2025-05-08 | N/A | 6.2 MEDIUM |
| Numbas editor before 7.3 mishandles editing of themes and extensions. | |||||
| CVE-2025-40846 | 2025-05-08 | N/A | N/A | ||
| Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21 | |||||
| CVE-2025-20154 | 2025-05-08 | N/A | 8.6 HIGH | ||
| A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low CVSS Base Score: 3.7 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | |||||
| CVE-2025-20197 | 2025-05-08 | N/A | 6.7 MEDIUM | ||
| A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific configuration commands. An attacker could exploit this vulnerability by including crafted input in specific configuration commands. A successful exploit could allow the attacker to elevate privileges to root on the underlying operating system of an affected device. The security impact rating (SIR) of this advisory has been raised to High because an attacker could gain access to the underlying operating system of the affected device and perform potentially undetected actions. Note: The attacker must have privileges to enter configuration mode on the affected device. This is usually referred to as privilege level 15. | |||||
| CVE-2022-33178 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | N/A | 7.2 HIGH |
| A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. | |||||
| CVE-2022-42468 | 1 Apache | 1 Flume | 2025-05-07 | N/A | 9.8 CRITICAL |
| Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | |||||
| CVE-2018-6335 | 1 Facebook | 1 Hhvm | 2025-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. | |||||
| CVE-2025-2855 | 1 Eladmin | 1 Eladmin | 2025-05-06 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely. | |||||
| CVE-2024-1714 | 1 Sailpoint | 1 Identityiq | 2025-05-06 | N/A | 7.1 HIGH |
| An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request. | |||||
| CVE-2018-6334 | 1 Facebook | 1 Hhvm | 2025-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). | |||||
| CVE-2024-20327 | 1 Cisco | 13 Asr 9000v-v2, Asr 9001, Asr 9006 and 10 more | 2025-05-06 | N/A | 7.4 HIGH |
| A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router. | |||||