Total
294007 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28056 | 2025-05-14 | 9.8 Critical | ||
| rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component. | ||||
| CVE-2025-28055 | 2025-05-14 | 7.5 High | ||
| upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit | ||||
| CVE-2025-24645 | 2025-05-14 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Scott Eazy Under Construction allows Reflected XSS. This issue affects Eazy Under Construction: from n/a through 1.0. | ||||
| CVE-2025-24220 | 2025-05-14 | 5.5 Medium | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.7, iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier. | ||||
| CVE-2025-24155 | 2025-05-14 | 5.5 Medium | ||
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory. | ||||
| CVE-2025-22756 | 2025-05-14 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-56526 | 2025-05-14 | 7.5 High | ||
| An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. | ||||
| CVE-2024-52290 | 2025-05-14 | 6.3 Medium | ||
| LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim's browser. Version 2.1.0 fixes the issue. | ||||
| CVE-2024-45332 | 2025-05-14 | 5.6 Medium | ||
| Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-24780 | 2025-05-14 | 9.8 Critical | ||
| Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue. | ||||
| CVE-2022-41603 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 3.4 Low |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | ||||
| CVE-2022-41305 | 1 Autodesk | 1 Subassembly Composer | 2025-05-14 | 7.8 High |
| A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-2865 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2025-47905 | 2025-05-14 | 5.4 Medium | ||
| Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries. | ||||
| CVE-2025-43548 | 2025-05-14 | 7.8 High | ||
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43572 | 2025-05-14 | 7.8 High | ||
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43549 | 2025-05-14 | 7.8 High | ||
| Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-12302 | 1 Icegram | 1 Icegram Engage | 2025-05-14 | 6.1 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-12311 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-14 | 6.5 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2025-43568 | 2025-05-14 | 7.8 High | ||
| Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||