Total
32125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38982 | 1 Huawei | 1 Harmonyos | 2025-05-15 | N/A | 9.8 CRITICAL |
| The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. | |||||
| CVE-2022-32931 | 1 Apple | 1 Macos | 2025-05-15 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | |||||
| CVE-2024-3748 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | N/A | 6.5 MEDIUM |
| The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user | |||||
| CVE-2024-3749 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | N/A | 6.5 MEDIUM |
| The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user | |||||
| CVE-2024-1204 | 1 Metabox | 1 Meta Box | 2025-05-15 | N/A | 4.3 MEDIUM |
| The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. | |||||
| CVE-2022-42142 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-14 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. | |||||
| CVE-2022-41588 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2022-41586 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-41471 | 1 74cms | 1 74cmsse | 2025-05-14 | N/A | 6.5 MEDIUM |
| 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. | |||||
| CVE-2024-5333 | 1 Stellarwp | 1 The Events Calendar | 2025-05-14 | N/A | 5.3 MEDIUM |
| The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. | |||||
| CVE-2023-52030 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-14 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. | |||||
| CVE-2022-41589 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. | |||||
| CVE-2022-41582 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability. | |||||
| CVE-2022-41581 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 9.1 CRITICAL |
| The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | |||||
| CVE-2022-41576 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.8 HIGH |
| The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | |||||
| CVE-2024-0340 | 1 Linux | 1 Linux Kernel | 2025-05-14 | N/A | 4.4 MEDIUM |
| A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | |||||
| CVE-2024-13117 | 1 Artlosk | 1 Share Buttons | 2025-05-13 | N/A | 6.5 MEDIUM |
| The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded | |||||
| CVE-2025-46762 | 1 Apache | 1 Parquet | 2025-05-13 | N/A | 9.8 CRITICAL |
| Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be executed. The exploit is only applicable if the client code of parquet-avro uses the "specific" or the "reflect" models deliberately for reading Parquet files. ("generic" model is not impacted) Users are recommended to upgrade to 1.15.2 or set the system property "org.apache.parquet.avro.SERIALIZABLE_PACKAGES" to an empty string on 1.15.1. Both are sufficient to fix the issue. | |||||
| CVE-2025-20953 | 1 Samsung | 1 Android | 2025-05-13 | N/A | 5.1 MEDIUM |
| Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. | |||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | N/A | 9.8 CRITICAL |
| GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | |||||