Total
294011 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43548 | 2025-05-14 | 7.8 High | ||
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43572 | 2025-05-14 | 7.8 High | ||
| Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43549 | 2025-05-14 | 7.8 High | ||
| Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-12302 | 1 Icegram | 1 Icegram Engage | 2025-05-14 | 6.1 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-12311 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-14 | 6.5 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2025-43568 | 2025-05-14 | 7.8 High | ||
| Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-43563 | 2025-05-14 | 9.1 Critical | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-43566 | 2025-05-14 | 6.8 Medium | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2025-43562 | 2025-05-14 | 9.1 Critical | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2025-43559 | 2025-05-14 | 9.1 Critical | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2025-43565 | 2025-05-14 | 8.4 High | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed. | ||||
| CVE-2025-20003 | 2025-05-14 | 8.2 High | ||
| Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20004 | 2025-05-14 | 7.2 High | ||
| Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36292 | 2025-05-14 | 7.3 High | ||
| Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20006 | 2025-05-14 | 7.4 High | ||
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-20026 | 2025-05-14 | 6.1 Medium | ||
| Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-43560 | 2025-05-14 | 9.1 Critical | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2024-39758 | 2025-05-14 | 5.9 Medium | ||
| Improper access control for some Intel(R) Arcâ„¢ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-43564 | 2025-05-14 | 9.1 Critical | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-20030 | 2025-05-14 | 2.6 Low | ||
| Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||