Total
294029 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45332 | 2025-05-14 | 5.6 Medium | ||
| Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-41603 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 3.4 Low |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | ||||
| CVE-2022-41305 | 1 Autodesk | 1 Subassembly Composer | 2025-05-14 | 7.8 High |
| A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-2865 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2025-47905 | 2025-05-14 | 5.4 Medium | ||
| Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries. | ||||
| CVE-2024-12302 | 1 Icegram | 1 Icegram Engage | 2025-05-14 | 6.1 Medium |
| The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-12311 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-14 | 6.5 Medium |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2025-43566 | 2025-05-14 | 6.8 Medium | ||
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2024-36292 | 2025-05-14 | 7.3 High | ||
| Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20006 | 2025-05-14 | 7.4 High | ||
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-20026 | 2025-05-14 | 6.1 Medium | ||
| Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-39758 | 2025-05-14 | 5.9 Medium | ||
| Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20030 | 2025-05-14 | 2.6 Low | ||
| Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2025-20031 | 2025-05-14 | 6.5 Medium | ||
| Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20032 | 2025-05-14 | 7.9 High | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2025-20039 | 2025-05-14 | 6.6 Medium | ||
| Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-20041 | 2025-05-14 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20043 | 2025-05-14 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20046 | 2025-05-14 | 8 High | ||
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-20047 | 2025-05-14 | 5.7 Medium | ||
| Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | ||||