Total
31907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26696 | 1 Apple | 1 Macos | 2025-05-28 | N/A | 8.8 HIGH |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-46835 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2025-05-28 | N/A | 4.3 MEDIUM |
| There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | |||||
| CVE-2025-31494 | 1 Agpt | 1 Autogpt | 2025-05-28 | N/A | 3.5 LOW |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no check prohibiting users from subscribing with another user's graph_id+graph_version. As a result, node execution updates from one user's graph execution could be received by another user within the same instance. This vulnerability does not occur between different instances or between users and non-users of the platform. Single-user instances are not affected. In private instances with a user white-list, the impact is limited by the fact that all potential unintended recipients of these node execution updates must have been admitted by the administrator. This vulnerability is fixed in 0.6.1. | |||||
| CVE-2024-8673 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | N/A | 9.1 CRITICAL |
| The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. | |||||
| CVE-2024-8699 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | N/A | 7.2 HIGH |
| The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | |||||
| CVE-2024-9765 | 1 Lukashuser | 1 Ekc Tournament Manager | 2025-05-28 | N/A | 6.5 MEDIUM |
| The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory | |||||
| CVE-2022-41237 | 1 Jenkins | 1 Dotci | 2025-05-28 | N/A | 9.8 CRITICAL |
| Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2025-24184 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-28 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-31185 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-28 | N/A | 3.3 LOW |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication. | |||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2025-05-28 | N/A | 8.1 HIGH |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | |||||
| CVE-2021-4297 | 1 Jobe Project | 1 Jobe | 2025-05-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The patch is identified as 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-5807 | 1 Esterox | 1 Business Card | 2025-05-28 | N/A | 7.2 HIGH |
| The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations. | |||||
| CVE-2022-23951 | 1 Keylime | 1 Keylime | 2025-05-27 | N/A | 5.5 MEDIUM |
| In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs. | |||||
| CVE-2024-6330 | 1 Geomywp | 1 Geo My Wordpress | 2025-05-27 | N/A | 9.8 CRITICAL |
| The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. | |||||
| CVE-2021-4226 | 1 Rsjoomla | 1 Rsfirewall\! | 2025-05-27 | N/A | 9.8 CRITICAL |
| RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented. | |||||
| CVE-2024-42835 | 1 Langflow | 1 Langflow | 2025-05-27 | N/A | 9.8 CRITICAL |
| langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | |||||
| CVE-2024-51407 | 1 Projectfloodlight | 1 Floodlight | 2025-05-27 | N/A | 6.2 MEDIUM |
| Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. | |||||
| CVE-2022-32832 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-27 | N/A | 6.7 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32807 | 1 Apple | 2 Mac Os X, Macos | 2025-05-27 | N/A | 7.1 HIGH |
| This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files. | |||||
| CVE-2022-28721 | 1 Hp | 600 1g5m0a, 1g5m0a Firmware, 1k7k6a and 597 more | 2025-05-27 | N/A | 9.8 CRITICAL |
| Certain HP Print Products are potentially vulnerable to Remote Code Execution. | |||||