Total
33585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35023 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. | |||||
| CVE-2022-35022 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. | |||||
| CVE-2024-1310 | 1 Automattic | 1 Woocommerce | 2025-05-27 | N/A | 4.9 MEDIUM |
| The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) | |||||
| CVE-2023-48425 | 1 Google | 2 Chromecast, Chromecast Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| U-Boot vulnerability resulting in persistent Code Execution | |||||
| CVE-2022-35024 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | |||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | N/A | 5.5 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | |||||
| CVE-2022-26112 | 1 Apache | 1 Pinot | 2025-05-27 | N/A | 9.8 CRITICAL |
| In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | |||||
| CVE-2021-3187 | 2 Apple, Beyondtrust | 2 Mac Os X, Privilege Management For Mac | 2025-05-27 | N/A | 8.8 HIGH |
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) | |||||
| CVE-2025-1847 | 1 Zframeworks | 1 Zz | 2025-05-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13568 | 1 Wpmanageninja | 1 Fluent Support | 2025-05-26 | N/A | 7.5 HIGH |
| The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets. | |||||
| CVE-2024-13611 | 1 Wordplus | 1 Better Messages | 2025-05-26 | N/A | 7.5 HIGH |
| The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages. | |||||
| CVE-2021-21350 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 7.5 HIGH | 5.3 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21344 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 7.5 HIGH | 5.3 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21343 | 6 Apache, Debian, Fedoraproject and 3 more | 15 Activemq, Jmeter, Debian Linux and 12 more | 2025-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2021-21351 | 6 Apache, Debian, Fedoraproject and 3 more | 16 Activemq, Jmeter, Debian Linux and 13 more | 2025-05-23 | 6.5 MEDIUM | 5.4 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2025-24805 | 1 Opensecurity | 1 Mobile Security Framework | 2025-05-23 | N/A | 5.5 MEDIUM |
| Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-24539 | 1 Fusionpbx | 1 Fusionpbx | 2025-05-23 | N/A | 5.3 MEDIUM |
| FusionPBX before 5.2.0 does not validate a session. | |||||
| CVE-2022-35257 | 1 Ui | 1 Desktop | 2025-05-22 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. | |||||
| CVE-2022-30121 | 1 Ivanti | 1 Endpoint Manager | 2025-05-22 | N/A | 6.7 MEDIUM |
| The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system. | |||||
| CVE-2022-32816 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-22 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. | |||||