Total
293396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3350 | 1 Tech-banker | 1 Contact Bank | 2025-05-09 | 4.8 Medium |
| The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3335 | 1 Kadencewp | 1 Kadence Woocommerce Email Designer | 2025-05-09 | 7.2 High |
| The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | ||||
| CVE-2022-3302 | 1 Cleantalk | 1 Spam Protection\, Antispam\, Firewall | 2025-05-09 | 7.2 High |
| The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin | ||||
| CVE-2022-3300 | 1 10web | 1 Form Maker | 2025-05-09 | 7.2 High |
| The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | ||||
| CVE-2022-3247 | 1 Adenion | 1 Blog2social | 2025-05-09 | 6.5 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks | ||||
| CVE-2022-34870 | 1 Apache | 1 Geode | 2025-05-09 | 5.4 Medium |
| Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. | ||||
| CVE-2022-33185 | 1 Broadcom | 1 Fabric Operating System | 2025-05-09 | 7.8 High |
| Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account. | ||||
| CVE-2020-26629 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-09 | 9.8 Critical |
| A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | ||||
| CVE-2022-40184 | 1 Bosch | 2 Videojet Multi 4000, Videojet Multi 4000 Firmware | 2025-05-09 | 5.1 Medium |
| Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | ||||
| CVE-2024-45574 | 1 Qualcomm | 8 Sdm429w, Sdm429w Firmware, Snapdragon 429 Mobile and 5 more | 2025-05-09 | 7.8 High |
| Memory corruption during array access in Camera kernel due to invalid index from invalid command data. | ||||
| CVE-2024-45575 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | 7.8 High |
| Memory corruption Camera kernel when large number of devices are attached through userspace. | ||||
| CVE-2024-45576 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-05-09 | 7.8 High |
| Memory corruption while prociesing command buffer buffer in OPE module. | ||||
| CVE-2024-45577 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | 7.8 High |
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | ||||
| CVE-2025-27132 | 1 Openatom | 1 Openharmony | 2025-05-09 | 3.8 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2025-27241 | 1 Openatom | 1 Openharmony | 2025-05-09 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | ||||
| CVE-2025-27248 | 1 Openatom | 1 Openharmony | 2025-05-09 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | ||||
| CVE-2022-43749 | 1 Synology | 1 Presto File Server | 2025-05-09 | 4.3 Medium |
| Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors. | ||||
| CVE-2024-49830 | 1 Qualcomm | 24 Qca6574au, Qca6574au Firmware, Qca6595au and 21 more | 2025-05-09 | 6.6 Medium |
| Memory corruption while processing an IOCTL call to set mixer controls. | ||||
| CVE-2024-49829 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | 6.7 Medium |
| Memory corruption can occur during context user dumps due to inadequate checks on buffer length. | ||||
| CVE-2024-45583 | 1 Qualcomm | 14 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon 8 Gen 3 Mobile and 11 more | 2025-05-09 | 6.6 Medium |
| Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. | ||||