Total
31685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34326 | 1 Realtek | 2 Rtl8195am, Rtl8195am Firmware | 2025-05-21 | N/A | 7.5 HIGH |
| In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode. | |||||
| CVE-2022-40497 | 1 Wazuh | 1 Wazuh | 2025-05-21 | N/A | 8.8 HIGH |
| Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | |||||
| CVE-2022-36771 | 1 Ibm | 1 Qradar User Behavior Analytics | 2025-05-21 | N/A | 6.5 MEDIUM |
| IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791. | |||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2025-05-21 | N/A | 8.7 HIGH |
| Microsoft Dataverse Remote Code Execution Vulnerability | |||||
| CVE-2025-4901 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4902 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-40314 | 1 Moodle | 1 Moodle | 2025-05-20 | N/A | 9.8 CRITICAL |
| A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | |||||
| CVE-2022-40274 | 2 Gridea, Linux | 2 Gridea, Linux Kernel | 2025-05-20 | N/A | 7.8 HIGH |
| Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled. | |||||
| CVE-2024-24900 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | N/A | 5.8 MEDIUM |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system. | |||||
| CVE-2023-4724 | 1 Soflyy | 2 Export Any Wordpress Data To Xml\/csv, Wp All Export | 2025-05-20 | N/A | 7.2 HIGH |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server | |||||
| CVE-2022-38732 | 1 Netapp | 1 Snapcenter | 2025-05-20 | N/A | 7.5 HIGH |
| SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | |||||
| CVE-2019-1054 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2025-05-20 | 5.1 MEDIUM | 5.0 MEDIUM |
| A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Edge handles MOTW tagging. | |||||
| CVE-2019-1045 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-05-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the Windows NFS properly handles objects in memory. | |||||
| CVE-2019-1044 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2025-05-20 | 7.2 HIGH | 5.3 MEDIUM |
| A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory to properly enforce VTLs. | |||||
| CVE-2019-1043 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 8.5 HIGH | 6.4 MEDIUM |
| A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how comctl32.dll handles objects in memory. | |||||
| CVE-2019-1041 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2025-05-20 | 7.2 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. | |||||
| CVE-2019-1040 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 4.3 MEDIUM | 5.3 MEDIUM |
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature. The update addresses the vulnerability by hardening NTLM MIC protection on the server-side. | |||||
| CVE-2019-1035 | 1 Microsoft | 4 Office, Office 365 Proplus, Office Online Server and 1 more | 2025-05-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. | |||||
| CVE-2019-1034 | 1 Microsoft | 7 Office, Office 365 Proplus, Office Online Server and 4 more | 2025-05-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. | |||||
| CVE-2019-1029 | 1 Microsoft | 1 Lync Server | 2025-05-20 | 7.1 HIGH | 5.9 MEDIUM |
| A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights. To exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time. The update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory. | |||||