Total
31802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35408 | 1 Insyde | 1 Insydeh2o | 2025-05-27 | N/A | 8.2 HIGH |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.) | |||||
| CVE-2022-35031 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. | |||||
| CVE-2022-35030 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. | |||||
| CVE-2022-35029 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. | |||||
| CVE-2022-35028 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. | |||||
| CVE-2022-35027 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | |||||
| CVE-2022-35026 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | |||||
| CVE-2022-35025 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. | |||||
| CVE-2022-35023 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. | |||||
| CVE-2022-35022 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. | |||||
| CVE-2024-1310 | 1 Automattic | 1 Woocommerce | 2025-05-27 | N/A | 4.9 MEDIUM |
| The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) | |||||
| CVE-2023-48425 | 2025-05-27 | N/A | 9.8 CRITICAL | ||
| U-Boot vulnerability resulting in persistent Code Execution | |||||
| CVE-2023-42884 | 2025-05-27 | N/A | 5.5 MEDIUM | ||
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | |||||
| CVE-2022-35024 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | |||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | N/A | 5.5 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | |||||
| CVE-2022-26112 | 1 Apache | 1 Pinot | 2025-05-27 | N/A | 9.8 CRITICAL |
| In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | |||||
| CVE-2021-3187 | 2025-05-27 | N/A | 8.8 HIGH | ||
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) | |||||
| CVE-2025-1847 | 1 Zframeworks | 1 Zz | 2025-05-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13568 | 1 Wpmanageninja | 1 Fluent Support | 2025-05-26 | N/A | 7.5 HIGH |
| The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets. | |||||
| CVE-2024-13611 | 1 Wordplus | 1 Better Messages | 2025-05-26 | N/A | 7.5 HIGH |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages. | |||||