Total
400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31008 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | N/A | 6.5 MEDIUM |
| An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. | |||||
| CVE-2025-24091 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-12 | N/A | 5.5 MEDIUM |
| An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service. | |||||
| CVE-2025-28128 | 1 Mytel | 1 Telecom Online Account System | 2025-05-12 | N/A | 7.0 HIGH |
| An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request. | |||||
| CVE-2022-42983 | 1 Anji-plus | 1 Aj-report | 2025-05-10 | N/A | 8.8 HIGH |
| anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | |||||
| CVE-2024-58126 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | N/A | 8.4 HIGH |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2024-58127 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | N/A | 8.4 HIGH |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2025-31170 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | N/A | 8.4 HIGH |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2024-58125 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | N/A | 8.4 HIGH |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2024-58124 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | N/A | 8.4 HIGH |
| Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2023-51747 | 1 Apache | 1 James | 2025-05-05 | N/A | 7.1 HIGH |
| Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions. | |||||
| CVE-2022-38712 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-05-02 | N/A | 5.9 MEDIUM |
| "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." | |||||
| CVE-2025-46345 | 2025-05-02 | N/A | N/A | ||
| Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided JWT. This allows the user the ability to supply a forged token and the potential to access user information without proper authorization. This issue has been patched in versions 2.6.7, 2.7.0, and 3.0.0. It is recommended to upgrade to version 3.0.0 or greater. | |||||
| CVE-2024-35539 | 1 Typecho | 1 Typecho | 2025-05-01 | N/A | 6.5 MEDIUM |
| Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently. | |||||
| CVE-2024-55210 | 1 Totvs | 1 Framework \(linha Protheus\) | 2025-04-30 | N/A | 9.8 CRITICAL |
| An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websocket message. | |||||
| CVE-2024-35538 | 1 Typecho | 1 Typecho | 2025-04-28 | N/A | 5.3 MEDIUM |
| Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests. | |||||
| CVE-2024-21494 | 1 Greenpau | 1 Caddy-security | 2025-04-24 | N/A | 5.4 MEDIUM |
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | |||||
| CVE-2022-41798 | 1 Kyocera | 80 Ecosys M2535dn, Ecosys M2535dn Firmware, Ecosys M6526cdn and 77 more | 2025-04-24 | N/A | 6.5 MEDIUM |
| Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | |||||
| CVE-2023-51327 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-04-24 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2023-51326 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-04-24 | N/A | 6.5 MEDIUM |
| A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | |||||
| CVE-2025-29621 | 2025-04-23 | N/A | 7.3 HIGH | ||
| Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings. | |||||