Total
31714 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43416 | 1 Jenkins | 2 Jenkins, Katalon | 2025-05-08 | 8.8 High |
| Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controller message that does not limit where it can be executed and allows invoking Katalon with configurable arguments, allowing attackers able to control agent processes to invoke Katalon on the Jenkins controller with attacker-controlled version, install location, and arguments, and attackers additionally able to create files on the Jenkins controller (e.g., attackers with Item/Configure permission could archive artifacts) to invoke arbitrary OS commands. | ||||
| CVE-2022-43414 | 1 Jenkins | 1 Nunit | 2025-05-08 | 5.3 Medium |
| Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controller message that parses files inside a user-specified directory as test results, allowing attackers able to control agent processes to obtain test results from files in an attacker-specified directory on the Jenkins controller. | ||||
| CVE-2022-43039 | 1 Gpac | 1 Gpac | 2025-05-08 | 5.5 Medium |
| GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. | ||||
| CVE-2022-41709 | 1 Markdownify Project | 1 Markdownify | 2025-05-08 | 7.8 High |
| Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled. | ||||
| CVE-2022-41707 | 1 Relatedcode | 1 Messenger | 2025-05-08 | 6.5 Medium |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public. | ||||
| CVE-2024-1849 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2025-05-08 | 5.4 Medium |
| The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL | ||||
| CVE-2024-12274 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-05-08 | 7.5 High |
| The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist). | ||||
| CVE-2022-43434 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-05-08 | 5.3 Medium |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43433 | 1 Jenkins | 1 Screenrecorder | 2025-05-08 | 4.3 Medium |
| Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43432 | 1 Jenkins | 1 Xframium Builder | 2025-05-08 | 4.3 Medium |
| Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43429 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2025-05-08 | 7.5 High |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. | ||||
| CVE-2022-43428 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-43426 | 1 Jenkins | 1 S3 Explorer | 2025-05-08 | 5.3 Medium |
| Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2022-43423 | 1 Jenkins | 2 Compuware Source Code Download For Endevor\, Pds\, And Ispw, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-43422 | 1 Jenkins | 2 Compuware Topaz Utilities, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-31690 | 3 Netapp, Redhat, Vmware | 5 Active Iq Unified Manager, Migration Toolkit Applications, Migration Toolkit Runtimes and 2 more | 2025-05-08 | 8.1 High |
| Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. | ||||
| CVE-2025-23212 | 1 Tandoor | 1 Recipes | 2025-05-08 | 7.7 High |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28. | ||||
| CVE-2024-2505 | 1 Gamipress | 1 Gamipress | 2025-05-08 | 8.1 High |
| The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress WordPress plugin before 6.8.9 configurations. | ||||
| CVE-2024-21353 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-08 | 8.8 High |
| Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | ||||
| CVE-2024-21363 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-08 | 7.8 High |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||