Total
31803 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31679 | 1 Vmware | 1 Spring Data Rest | 2025-05-22 | N/A | 3.7 LOW |
| Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. | |||||
| CVE-2022-23952 | 1 Keylime | 1 Keylime | 2025-05-22 | N/A | 7.5 HIGH |
| In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | |||||
| CVE-2021-39983 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2021-37133 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2019-13531 | 1 Medtronic | 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more | 2025-05-22 | 2.1 LOW | 4.8 MEDIUM |
| In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. | |||||
| CVE-2018-8868 | 1 Medtronic | 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more | 2025-05-22 | 6.9 MEDIUM | 6.2 MEDIUM |
| Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. | |||||
| CVE-2024-0810 | 1 Google | 1 Chrome | 2025-05-22 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2024-0804 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | N/A | 7.5 HIGH |
| Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-0755 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-22 | N/A | 8.8 HIGH |
| Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2024-0754 | 1 Mozilla | 1 Firefox | 2025-05-22 | N/A | 6.5 MEDIUM |
| Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122. | |||||
| CVE-2024-0747 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-22 | N/A | 6.5 MEDIUM |
| When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2023-48085 | 1 Nagios | 1 Nagios Xi | 2025-05-22 | N/A | 9.8 CRITICAL |
| Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. | |||||
| CVE-2022-32819 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | |||||
| CVE-2024-26139 | 1 Citeum | 1 Opencti | 2025-05-22 | N/A | 8.3 HIGH |
| OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application. | |||||
| CVE-2025-32728 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2025-05-22 | N/A | 4.3 MEDIUM |
| In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. | |||||
| CVE-2022-32829 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-22 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32826 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | N/A | 7.8 HIGH |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to gain root privileges. | |||||
| CVE-2022-32782 | 1 Apple | 1 Macos | 2025-05-22 | N/A | 4.4 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4. An app with root privileges may be able to access private information. | |||||
| CVE-2022-32781 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2025-05-22 | N/A | 4.4 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. | |||||
| CVE-2022-22637 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2025-05-22 | N/A | 8.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior. | |||||