Total
29514 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2025-05-15 | N/A | 8.8 HIGH |
| Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | |||||
| CVE-2022-39064 | 1 Ikea | 2 Tradfri Led1732g11, Tradfri Led1732g11 Firmware | 2025-05-15 | N/A | 8.1 HIGH |
| An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | |||||
| CVE-2022-39011 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
| The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | |||||
| CVE-2022-39065 | 1 Ikea | 2 Tradfri Gateway E1526, Tradfri Gateway E1526 Firmware | 2025-05-15 | N/A | 6.5 MEDIUM |
| A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |||||
| CVE-2022-38986 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 9.1 CRITICAL |
| The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. | |||||
| CVE-2022-42961 | 1 Wolfssl | 1 Wolfssl | 2025-05-14 | N/A | 5.3 MEDIUM |
| An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) | |||||
| CVE-2022-41323 | 1 Djangoproject | 1 Django | 2025-05-14 | N/A | 7.5 HIGH |
| In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | |||||
| CVE-2025-47729 | 1 Telemessage | 1 Text Message Archiver | 2025-05-14 | N/A | 1.9 LOW |
| The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025. | |||||
| CVE-2025-20954 | 1 Samsung | 1 Android | 2025-05-13 | N/A | 5.5 MEDIUM |
| Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. | |||||
| CVE-2022-2630 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 4.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events. | |||||
| CVE-2022-3031 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. | |||||
| CVE-2022-3030 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 4.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. | |||||
| CVE-2022-3325 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 2.7 LOW |
| Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. | |||||
| CVE-2022-3067 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 6.5 MEDIUM |
| An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID. | |||||
| CVE-2022-3569 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-05-13 | N/A | 7.8 HIGH |
| Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | |||||
| CVE-2022-38743 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2025-05-13 | N/A | 8.8 HIGH |
| Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. | |||||
| CVE-2022-43364 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2025-05-12 | N/A | 7.5 HIGH |
| An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. | |||||
| CVE-2025-30390 | 1 Microsoft | 1 Azure Machine Learning | 2025-05-12 | N/A | 9.9 CRITICAL |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-30392 | 1 Microsoft | 1 Azure Ai Bot Service | 2025-05-12 | N/A | 9.8 CRITICAL |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-4065 | 1 Scriptandtools | 1 Online Traveling System | 2025-05-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||