Total
291248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30289 | 1 Adobe | 1 Coldfusion | 2025-04-23 | N/A | 8.2 HIGH |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application. Scope is changed. | |||||
| CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-23 | N/A | 2.7 LOW |
| A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-23143 | 1 Zte | 2 Otcp, Otcp Firmware | 2025-04-23 | N/A | 6.5 MEDIUM |
| ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. | |||||
| CVE-2025-32818 | 2025-04-23 | N/A | 7.5 HIGH | ||
| A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. | |||||
| CVE-2025-28169 | 2025-04-23 | N/A | N/A | ||
| BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to cend broadcasts to the manufacturer's cloud server unencrypted, allowing attackers to execute a man-in-the-middle attack. | |||||
| CVE-2022-45478 | 1 Telepad-app | 1 Telepad | 2025-04-23 | N/A | 5.9 MEDIUM |
| Telepad allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | |||||
| CVE-2022-42864 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-23 | N/A | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-42774 | 2 Google, Unisoc | 14 Android, S8002, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42773 | 2 Google, Unisoc | 14 Android, S8001, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42772 | 2 Google, Unisoc | 14 Android, S8021, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42771 | 2 Google, Unisoc | 14 Android, S8020, Sc7731e and 11 more | 2025-04-23 | N/A | 4.7 MEDIUM |
| In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42768 | 2 Google, Unisoc | 14 Android, S8013, Sc7731e and 11 more | 2025-04-23 | N/A | 4.3 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42767 | 2 Google, Unisoc | 14 Android, S8012, Sc7731e and 11 more | 2025-04-23 | N/A | 3.3 LOW |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | |||||
| CVE-2022-42765 | 2 Google, Unisoc | 15 Android, S8000, S8010 and 12 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42756 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel. | |||||
| CVE-2022-42754 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In npu driver, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. | |||||
| CVE-2022-41325 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2025-04-23 | N/A | 7.8 HIGH |
| An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | |||||
| CVE-2022-20521 | 1 Google | 1 Android | 2025-04-23 | N/A | 5.0 MEDIUM |
| In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a possible way to crash Bluetooth due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203684 | |||||
| CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-04-23 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | |||||