Total
31604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45550 | 1 Ayacms Project | 1 Ayacms | 2025-04-23 | N/A | 9.8 CRITICAL |
| AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). | |||||
| CVE-2023-5561 | 1 Wordpress | 1 Wordpress | 2025-04-23 | N/A | 5.3 MEDIUM |
| WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack | |||||
| CVE-2023-5098 | 1 Fatcatapps | 1 Campaign Monitor Optin Cat | 2025-04-23 | N/A | 8.1 HIGH |
| The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. | |||||
| CVE-2023-4807 | 1 Openssl | 1 Openssl | 2025-04-23 | N/A | 7.8 HIGH |
| Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue. | |||||
| CVE-2022-29244 | 2 Netapp, Npmjs | 2 Ontap Select Deploy Administration Utility, Npm | 2025-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. | |||||
| CVE-2025-30282 | 1 Adobe | 1 Coldfusion | 2025-04-23 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | |||||
| CVE-2025-30294 | 1 Adobe | 1 Coldfusion | 2025-04-23 | N/A | 6.8 MEDIUM |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed. | |||||
| CVE-2025-3698 | 1 Tecno | 1 Carlcare | 2025-04-23 | N/A | 7.5 HIGH |
| Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk. | |||||
| CVE-2009-3791 | 1 Adobe | 1 Flash Media Server | 2025-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to cause a denial of service (resource exhaustion) via unknown vectors. | |||||
| CVE-2022-45504 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | |||||
| CVE-2022-45498 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | |||||
| CVE-2022-3641 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-23 | N/A | 8.8 HIGH |
| Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. | |||||
| CVE-2025-3268 | 1 Qinguoyi | 1 Tinywebserver | 2025-04-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-20026 | 2 Google, Mediatek | 20 Android, Mt6739, Mt6757 and 17 more | 2025-04-22 | N/A | 4.2 MEDIUM |
| In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541632. | |||||
| CVE-2021-32415 | 1 Msi | 1 Wrapper | 2025-04-22 | N/A | 7.8 HIGH |
| EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. | |||||
| CVE-2024-20030 | 2 Google, Mediatek | 20 Android, Mt6739, Mt6757 and 17 more | 2025-04-22 | N/A | 4.4 MEDIUM |
| In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741. | |||||
| CVE-2022-31596 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2025-04-22 | N/A | 6.0 MEDIUM |
| Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability. | |||||
| CVE-2022-2993 | 1 Zephyrproject | 1 Zephyr | 2025-04-22 | N/A | 8.6 HIGH |
| There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet. | |||||
| CVE-2022-20477 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt, there is a possible way to show hidden notifications due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241611867 | |||||
| CVE-2024-33382 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | |||||