Total
31802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32839 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-29 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution. | |||||
| CVE-2022-32812 | 1 Apple | 2 Mac Os X, Macos | 2025-05-29 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-23948 | 1 Keylime | 1 Keylime | 2025-05-29 | N/A | 7.5 HIGH |
| A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host. | |||||
| CVE-2022-32857 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-29 | N/A | 4.3 MEDIUM |
| This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity. | |||||
| CVE-2022-32840 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-29 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32838 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2025-05-29 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files. | |||||
| CVE-2022-32837 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-29 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2022-32834 | 1 Apple | 2 Mac Os X, Macos | 2025-05-29 | N/A | 5.5 MEDIUM |
| An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | |||||
| CVE-2022-32813 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-29 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-47189 | 1 Wpmudev | 1 Defender | 2025-05-29 | N/A | 5.3 MEDIUM |
| Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. | |||||
| CVE-2024-21413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-05-29 | N/A | 9.8 CRITICAL |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
| An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | |||||
| CVE-2024-23739 | 2 Apple, Discord | 2 Macos, Discord | 2025-05-29 | N/A | 9.8 CRITICAL |
| An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | |||||
| CVE-2024-20253 | 1 Cisco | 5 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unified Contact Center Express and 2 more | 2025-05-29 | N/A | 9.9 CRITICAL |
| A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. | |||||
| CVE-2024-0727 | 1 Openssl | 1 Openssl | 2025-05-29 | N/A | 5.5 MEDIUM |
| Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | |||||
| CVE-2023-48128 | 1 Linecorp | 1 Line | 2025-05-29 | N/A | 5.4 MEDIUM |
| An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-48126 | 1 Linecorp | 1 Line | 2025-05-29 | N/A | 5.4 MEDIUM |
| An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2022-28204 | 1 Mediawiki | 1 Mediawiki | 2025-05-29 | N/A | 7.5 HIGH |
| A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk. | |||||
| CVE-2024-6420 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-05-29 | N/A | 8.6 HIGH |
| The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | |||||
| CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | |||||