Total
31914 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32910 | 1 Apple | 2 Mac Os X, Macos | 2025-05-06 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. | |||||
| CVE-2022-32909 | 1 Apple | 1 Iphone Os | 2025-05-06 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data. | |||||
| CVE-2022-32887 | 1 Apple | 1 Iphone Os | 2025-05-06 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32881 | 1 Apple | 3 Macos, Tvos, Watchos | 2025-05-06 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system. | |||||
| CVE-2022-32879 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | N/A | 2.4 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen. | |||||
| CVE-2022-32947 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-06 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | |||||
| CVE-2013-2465 | 3 Oracle, Sun, Suse | 6 Jre, Jre, Linux Enterprise Desktop and 3 more | 2025-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | |||||
| CVE-2024-20325 | 1 Cisco | 1 Unified Intelligence Center | 2025-05-06 | N/A | 5.1 MEDIUM |
| A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | |||||
| CVE-2022-3308 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 7.4 HIGH |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3313 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3310 | 1 Google | 2 Android, Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium) | |||||
| CVE-2022-31692 | 2 Netapp, Vmware | 2 Active Iq Unified Manager, Spring Security | 2025-05-06 | N/A | 9.8 CRITICAL |
| Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true) | |||||
| CVE-2023-6695 | 1 Fastlinemedia | 1 Beaver Themer | 2025-05-06 | N/A | 6.5 MEDIUM |
| The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary user_meta values. | |||||
| CVE-2025-3438 | 1 Inspireui | 1 Mstore Api | 2025-05-06 | N/A | 6.5 MEDIUM |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to register with the 'wcfm_vendor' role, which is a Store Vendor role in the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3. | |||||
| CVE-2025-21176 | 3 Apple, Linux, Microsoft | 20 Macos, Linux Kernel, .net and 17 more | 2025-05-06 | N/A | 8.8 HIGH |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2025-21173 | 2 Linux, Microsoft | 3 Linux Kernel, .net, Visual Studio 2022 | 2025-05-06 | N/A | 7.3 HIGH |
| .NET Elevation of Privilege Vulnerability | |||||
| CVE-2024-38229 | 3 Apple, Linux, Microsoft | 5 Macos, Linux Kernel, .net and 2 more | 2025-05-06 | N/A | 8.1 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2024-35264 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2025-05-06 | N/A | 8.1 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2018-2826 | 3 Canonical, Netapp, Oracle | 18 Ubuntu Linux, Cloud Backup, Clustered Data Ontap and 15 more | 2025-05-06 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||