Total
31910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25744 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 8.8 HIGH |
| In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | |||||
| CVE-2021-46757 | 1 Amd | 20 Ryzen Embedded 5600e, Ryzen Embedded 5600e Firmware, Ryzen Embedded 5800e and 17 more | 2025-05-07 | N/A | 7.8 HIGH |
| Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | |||||
| CVE-2024-0248 | 1 Spider-themes | 1 Eazydocs | 2025-05-07 | N/A | 4.3 MEDIUM |
| The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. | |||||
| CVE-2023-6869 | 1 Mozilla | 1 Firefox | 2025-05-07 | N/A | 6.5 MEDIUM |
| A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6289 | 1 Swteplugins | 1 Swift Performance | 2025-05-07 | N/A | 4.3 MEDIUM |
| The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. | |||||
| CVE-2023-50272 | 1 Hpe | 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more | 2025-05-07 | N/A | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | |||||
| CVE-2024-58113 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 5.3 MEDIUM |
| Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-2594 | 1 Wpeverest | 1 User Registration \& Membership | 2025-05-07 | N/A | 8.1 HIGH |
| The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID. | |||||
| CVE-2021-47293 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets. | |||||
| CVE-2022-41986 | 1 Iij | 1 Iij Smartkey | 2025-05-07 | N/A | 7.5 HIGH |
| Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. | |||||
| CVE-2025-45320 | 1 Lopalopa | 1 Online Service Management Portal | 2025-05-07 | N/A | 5.3 MEDIUM |
| A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. | |||||
| CVE-2025-4271 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4270 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-56196 | 1 Apache | 1 Traffic Server | 2025-05-07 | N/A | 6.3 MEDIUM |
| Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue. | |||||
| CVE-2024-25029 | 1 Ibm | 1 Personal Communications | 2025-05-07 | N/A | 9.0 CRITICAL |
| IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619. | |||||
| CVE-2022-2826 | 1 Gitlab | 1 Gitlab | 2025-05-07 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO | |||||
| CVE-2024-20283 | 1 Cisco | 1 Nexus Dashboard | 2025-05-07 | N/A | 4.3 MEDIUM |
| A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster. | |||||
| CVE-2022-37915 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected. | |||||
| CVE-2022-37914 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | |||||
| CVE-2022-37913 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-05-07 | N/A | 9.8 CRITICAL |
| Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned. | |||||