Total
32105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9926 | 1 Automattic | 1 Jetpack | 2025-05-28 | N/A | 4.3 MEDIUM |
| The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form | |||||
| CVE-2024-13189 | 1 Zerowdd | 1 Myblog | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5709 | 1 Wpbakery | 1 Page Builder | 2025-05-28 | N/A | 8.8 HIGH |
| The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-7704 | 1 Weaver | 1 E-cology | 2025-05-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-25225 | 1 Hikashop | 1 Hikashop | 2025-05-28 | N/A | 6.5 MEDIUM |
| A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. | |||||
| CVE-2023-6512 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-28 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2025-05-28 | N/A | 8.2 HIGH |
| An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2022-37884 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.5 HIGH |
| A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. A successful exploitation of this vulnerability results in the unavailability of the guest interface in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-37882 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-37881 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-37880 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-37879 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-28 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address these security vulnerabilities. | |||||
| CVE-2022-32880 | 1 Apple | 1 Macos | 2025-05-28 | N/A | 6.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data. | |||||
| CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-28 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2022-28640 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-28 | N/A | 8.8 HIGH |
| A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability. | |||||
| CVE-2022-26696 | 1 Apple | 1 Macos | 2025-05-28 | N/A | 8.8 HIGH |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2021-46835 | 1 Huawei | 2 Ws7200-10, Ws7200-10 Firmware | 2025-05-28 | N/A | 4.3 MEDIUM |
| There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | |||||
| CVE-2025-31494 | 1 Agpt | 1 Autogpt | 2025-05-28 | N/A | 3.5 LOW |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no check prohibiting users from subscribing with another user's graph_id+graph_version. As a result, node execution updates from one user's graph execution could be received by another user within the same instance. This vulnerability does not occur between different instances or between users and non-users of the platform. Single-user instances are not affected. In private instances with a user white-list, the impact is limited by the fact that all potential unintended recipients of these node execution updates must have been admitted by the administrator. This vulnerability is fixed in 0.6.1. | |||||
| CVE-2024-8673 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | N/A | 9.1 CRITICAL |
| The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript. | |||||
| CVE-2024-8699 | 1 Urbanbase | 1 Z-downloads | 2025-05-28 | N/A | 7.2 HIGH |
| The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | |||||