Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2025-05-08 | 5.3 Medium |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43434 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-05-08 | 5.3 Medium |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43433 | 1 Jenkins | 1 Screenrecorder | 2025-05-08 | 4.3 Medium |
| Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43432 | 1 Jenkins | 1 Xframium Builder | 2025-05-08 | 4.3 Medium |
| Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43422 | 1 Jenkins | 2 Compuware Topaz Utilities, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2023-32006 | 3 Fedoraproject, Nodejs, Redhat | 4 Fedora, Node.js, Enterprise Linux and 1 more | 2025-05-08 | 8.8 High |
| The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
| CVE-2024-25744 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-05-07 | 8.8 High |
| In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | ||||
| CVE-2022-32910 | 1 Apple | 2 Mac Os X, Macos | 2025-05-06 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. | ||||
| CVE-2025-46553 | 2025-05-05 | N/A | ||
| @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | ||||
| CVE-2024-38092 | 1 Microsoft | 1 Azure Cyclecloud | 2025-05-05 | 8.8 High |
| Azure CycleCloud Elevation of Privilege Vulnerability | ||||
| CVE-2024-38070 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-05-05 | 7.8 High |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | ||||
| CVE-2024-38058 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-05 | 6.8 Medium |
| BitLocker Security Feature Bypass Vulnerability | ||||
| CVE-2024-57931 | 1 Redhat | 1 Enterprise Linux | 2025-05-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. | ||||
| CVE-2024-56761 | 1 Linux | 1 Linux Kernel | 2025-05-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the "kernel IBT no ENDBR" selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ] | ||||
| CVE-2024-21423 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 4.8 Medium |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | ||||
| CVE-2024-26163 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2024-28903 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 6.7 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28919 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 6.7 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28921 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 6.7 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-28920 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-05-03 | 7.8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||