Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2022-39957 | 3 Debian, Fedoraproject, Owasp | 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set | 2025-05-29 | 7.3 High |
| The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. | ||||
| CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-28 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. | ||||
| CVE-2022-26696 | 1 Apple | 1 Macos | 2025-05-28 | 8.8 High |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2025-31224 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2025-31244 | 1 Apple | 1 Macos | 2025-05-27 | 8.8 High |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. | ||||
| CVE-2019-13535 | 1 Medtronic | 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more | 2025-05-22 | 4.6 Medium |
| In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | ||||
| CVE-2024-0804 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 7.5 High |
| Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-0747 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-22 | 6.5 Medium |
| When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 6.5 Medium |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2022-32845 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-22 | 10 Critical |
| This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. | ||||
| CVE-2025-41232 | 2025-05-22 | 9.1 Critical | ||
| Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methods | ||||
| CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 6.5 Medium |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2025-21081 | 2025-05-16 | 4.5 Medium | ||
| Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-20926 | 4 Debian, Netapp, Oracle and 1 more | 15 Debian Linux, Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent and 12 more | 2025-05-15 | 5.9 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2022-20464 | 1 Google | 1 Android | 2025-05-15 | 5.5 Medium |
| In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A | ||||
| CVE-2024-0809 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-15 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2022-39011 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | 7.5 High |
| The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | ||||
| CVE-2024-20673 | 1 Microsoft | 7 Excel, Office, Powerpoint and 4 more | 2025-05-09 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2022-43424 | 1 Jenkins | 2 Compuware Xpediter Code Coverage, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||