Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-37088 | 2025-04-25 | N/A | 6.8 MEDIUM | ||
| A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access. | |||||
| CVE-2025-32045 | 2025-04-25 | N/A | 5.3 MEDIUM | ||
| A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. | |||||
| CVE-2025-32044 | 2025-04-25 | N/A | 7.5 HIGH | ||
| A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | |||||
| CVE-2025-27371 | 2025-04-25 | N/A | 6.9 MEDIUM | ||
| In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR). | |||||
| CVE-2025-27370 | 2025-04-25 | N/A | 6.9 MEDIUM | ||
| OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issuer identifiers of other Authorization Servers. The malicious Authorization Server could then use these private key JWTs to impersonate the Client. | |||||
| CVE-2024-50086 | 1 Linux | 1 Linux Kernel | 2025-04-25 | N/A | 7.0 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SMB2_SESSION_EXPIRED and referece count to session struct not to free session while it is being used. | |||||
| CVE-2022-45307 | 1 Chocolatey | 1 Chocolatey Php | 2025-04-25 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. | |||||
| CVE-2022-45306 | 1 Chocolatey | 1 Chocolatey Azure-pipelines-agent | 2025-04-25 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | |||||
| CVE-2022-45305 | 1 Chocolatey | 1 Chocolatey Python3 | 2025-04-25 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. | |||||
| CVE-2022-45304 | 1 Chocolatey | 1 Chocolatey Cmder | 2025-04-25 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. | |||||
| CVE-2022-45301 | 1 Chocolatey | 1 Chocolatey Ruby | 2025-04-25 | N/A | 4.3 MEDIUM |
| Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. | |||||
| CVE-2022-45204 | 1 Gpac | 1 Gpac | 2025-04-25 | N/A | 5.5 MEDIUM |
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. | |||||
| CVE-2022-45202 | 1 Gpac | 1 Gpac | 2025-04-25 | N/A | 7.8 HIGH |
| GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. | |||||
| CVE-2022-44635 | 1 Apache | 1 Fineract | 2025-04-25 | N/A | 8.8 HIGH |
| Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1. | |||||
| CVE-2022-44356 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2025-04-25 | N/A | 7.5 HIGH |
| WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files. | |||||
| CVE-2022-44355 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-04-25 | N/A | 6.1 MEDIUM |
| SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. | |||||
| CVE-2022-44096 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
| Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | |||||
| CVE-2022-42445 | 1 Hcltechsw | 1 Hcl Launch | 2025-04-25 | N/A | 4.9 MEDIUM |
| HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. | |||||
| CVE-2022-40799 | 1 Dlink | 2 Dnr-322l, Dnr-322l Firmware | 2025-04-25 | N/A | 8.8 HIGH |
| Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | |||||
| CVE-2022-3865 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-25 | N/A | 8.8 HIGH |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | |||||