Total
292426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30422 | 2025-05-02 | N/A | 6.5 MEDIUM | ||
| A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination. | |||||
| CVE-2022-27562 | 2025-05-02 | N/A | 4.6 MEDIUM | ||
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. | |||||
| CVE-2025-23177 | 2025-05-02 | N/A | 7.6 HIGH | ||
| CWE-427: Uncontrolled Search Path Element | |||||
| CVE-2025-27134 | 2025-05-02 | N/A | 8.8 HIGH | ||
| Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3. | |||||
| CVE-2025-4146 | 2025-05-02 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24345 | 2025-05-02 | N/A | 6.3 MEDIUM | ||
| A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request. | |||||
| CVE-2025-44194 | 2025-05-02 | N/A | 7.3 HIGH | ||
| SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household. | |||||
| CVE-2025-4091 | 2025-05-02 | N/A | 6.5 MEDIUM | ||
| Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10. | |||||
| CVE-2025-23178 | 2025-05-02 | N/A | 7.6 HIGH | ||
| CWE-923: Improper Restriction of Communication Channel to Intended Endpoints | |||||
| CVE-2025-0520 | 2025-05-02 | N/A | N/A | ||
| An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7. | |||||
| CVE-2025-4074 | 2025-05-02 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3471 | 2025-05-02 | N/A | 4.9 MEDIUM | ||
| The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action | |||||
| CVE-2025-25403 | 2025-05-02 | N/A | N/A | ||
| Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. | |||||
| CVE-2025-4111 | 2025-05-02 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4088 | 2025-05-02 | N/A | 6.5 MEDIUM | ||
| A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138. | |||||
| CVE-2025-39413 | 2025-05-02 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14. | |||||
| CVE-2025-24346 | 2025-05-02 | N/A | 7.5 HIGH | ||
| A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request. | |||||
| CVE-2025-3910 | 2025-05-02 | N/A | 5.4 MEDIUM | ||
| A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication. | |||||
| CVE-2025-46344 | 2025-05-02 | N/A | N/A | ||
| The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1. | |||||
| CVE-2025-30389 | 2025-05-02 | N/A | 8.7 HIGH | ||
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | |||||