Total
31915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2726 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-29059 | 1 3cx | 1 3cx | 2025-05-05 | N/A | 7.8 HIGH |
| 3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the 3CX DesktopApp Electron macOS application. | |||||
| CVE-2023-28005 | 2 Microsoft, Trendmicro | 2 Windows, Trend Micro Endpoint Encryption | 2025-05-05 | N/A | 6.8 MEDIUM |
| A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone. | |||||
| CVE-2023-26609 | 1 Abus | 2 Tvip 20000-21150, Tvip 20000-21150 Firmware | 2025-05-05 | N/A | 7.2 HIGH |
| ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. | |||||
| CVE-2023-24678 | 1 Centralite | 2 Pearl, Pearl Firmware | 2025-05-05 | N/A | 7.5 HIGH |
| A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message. | |||||
| CVE-2023-22995 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 7.8 HIGH |
| In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. | |||||
| CVE-2023-20873 | 1 Vmware | 1 Spring Boot | 2025-05-05 | N/A | 9.8 CRITICAL |
| In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | |||||
| CVE-2023-0767 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-05-05 | N/A | 8.8 HIGH |
| An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
| CVE-2023-0136 | 1 Google | 2 Android, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4415 | 1 Systemd Project | 1 Systemd | 2025-05-05 | N/A | 5.5 MEDIUM |
| A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | |||||
| CVE-2022-39189 | 2 Linux, Netapp | 2 Linux Kernel, Hci Baseboard Management Controller | 2025-05-05 | N/A | 7.8 HIGH |
| An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | |||||
| CVE-2022-36946 | 3 Debian, Linux, Netapp | 7 Debian Linux, Linux Kernel, Active Iq Unified Manager and 4 more | 2025-05-05 | N/A | 7.5 HIGH |
| nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. | |||||
| CVE-2023-42852 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2025-05-05 | N/A | 8.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-41068 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2025-05-05 | N/A | 7.8 HIGH |
| An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges. | |||||
| CVE-2023-41063 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-05 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-40419 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2025-05-05 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges. | |||||
| CVE-2023-40418 | 1 Apple | 3 Watch Ultra, Watch Ultra 2, Watchos | 2025-05-05 | N/A | 5.5 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app. | |||||
| CVE-2023-40125 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40120 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40116 | 1 Google | 1 Android | 2025-05-05 | N/A | 7.8 HIGH |
| In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||