Total
32104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48128 | 1 Linecorp | 1 Line | 2025-05-29 | N/A | 5.4 MEDIUM |
| An issue in UNITED BOXING GYM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-48126 | 1 Linecorp | 1 Line | 2025-05-29 | N/A | 5.4 MEDIUM |
| An issue in Luxe Beauty Clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2022-28204 | 1 Mediawiki | 1 Mediawiki | 2025-05-29 | N/A | 7.5 HIGH |
| A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk. | |||||
| CVE-2024-6420 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-05-29 | N/A | 8.6 HIGH |
| The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | |||||
| CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | |||||
| CVE-2022-35065 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | N/A | 6.5 MEDIUM |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. | |||||
| CVE-2022-32911 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-29 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32883 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-29 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information. | |||||
| CVE-2025-21224 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-05-29 | N/A | 8.1 HIGH |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | |||||
| CVE-2023-40076 | 1 Google | 1 Android | 2025-05-29 | N/A | 5.5 MEDIUM |
| In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21216 | 1 Google | 1 Android | 2025-05-29 | N/A | 9.8 CRITICAL |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-41138 | 1 Zutty Project | 1 Zutty | 2025-05-29 | N/A | 9.8 CRITICAL |
| In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. | |||||
| CVE-2022-37883 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-29 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-28639 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-29 | N/A | 8.8 HIGH |
| A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. | |||||
| CVE-2022-28638 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-29 | N/A | 7.8 HIGH |
| An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses these security vulnerabilities. | |||||
| CVE-2017-20148 | 1 Debian | 1 Logcheck | 2025-05-29 | N/A | 9.8 CRITICAL |
| In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. | |||||
| CVE-2017-20147 | 1 Smokeping | 1 Smokeping | 2025-05-29 | N/A | 6.5 MEDIUM |
| In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped. | |||||
| CVE-2016-20015 | 1 Smokeping | 1 Smokeping | 2025-05-29 | N/A | 7.5 HIGH |
| In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown. | |||||
| CVE-2025-3928 | 3 Commvault, Linux, Microsoft | 3 Commvault, Linux Kernel, Windows | 2025-05-28 | N/A | 8.8 HIGH |
| Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. | |||||
| CVE-2024-9926 | 1 Automattic | 1 Jetpack | 2025-05-28 | N/A | 4.3 MEDIUM |
| The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form | |||||