Total
78068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40445 | 2025-04-30 | N/A | 7.3 HIGH | ||
| A directory traversal vulnerability in forkosh Mime TeX before version 1.77 allows attackers on Windows systems to read or append arbitrary files by manipulating crafted input paths. | |||||
| CVE-2022-43780 | 1 Hp | 82 M2u75a, M2u75a Firmware, M2u76a and 79 more | 2025-04-30 | N/A | 7.5 HIGH |
| Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. | |||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | N/A | 8.8 HIGH |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | |||||
| CVE-2022-43264 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | N/A | 7.5 HIGH |
| Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. | |||||
| CVE-2022-40308 | 1 Apache | 1 Archiva | 2025-04-30 | N/A | 7.5 HIGH |
| If anonymous read enabled, it's possible to read the database file directly without logging in. | |||||
| CVE-2022-3763 | 1 Booster | 1 Booster For Woocommerce | 2025-04-30 | N/A | 8.1 HIGH |
| The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack | |||||
| CVE-2022-3720 | 1 Awplife | 1 Event Monster | 2025-04-30 | N/A | 7.2 HIGH |
| The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users | |||||
| CVE-2022-3691 | 1 Fluenx | 1 Deepl Pro Api Translation | 2025-04-30 | N/A | 7.5 HIGH |
| The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | |||||
| CVE-2022-38666 | 1 Jenkins | 1 Ns-nd Integration Performance Publisher | 2025-04-30 | N/A | 7.5 HIGH |
| Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. | |||||
| CVE-2022-38148 | 1 Silverstripe | 1 Framework | 2025-04-30 | N/A | 8.8 HIGH |
| Silverstripe silverstripe/framework through 4.11 allows SQL Injection. | |||||
| CVE-2022-30772 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 8.2 HIGH |
| Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 | |||||
| CVE-2022-30771 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 8.2 HIGH |
| Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064 | |||||
| CVE-2021-38819 | 1 Simple Image Gallery Web App Project | 1 Simple Image Gallery Web App | 2025-04-30 | N/A | 8.8 HIGH |
| A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through "id" parameter on the album page. | |||||
| CVE-2024-52912 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | N/A | 7.5 HIGH |
| Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. | |||||
| CVE-2025-32968 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 8.8 HIGH |
| XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. The protection added to this REST API is the same as the one used to validate complete select queries, making it more consistent. However, while the script API always had this protection for complete queries, it's important to note that it's a very strict protection and some valid, but complex, queries might suddenly require the author to have programming right. | |||||
| CVE-2025-31117 | 1 Open-emr | 1 Openemr | 2025-04-30 | N/A | 7.5 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1. | |||||
| CVE-2025-29910 | 1 Nasa | 1 Cryptolib | 2025-04-30 | N/A | 7.5 HIGH |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the `crypto_handle_incrementing_nontransmitted_counter` function of CryptoLib versions 1.3.3 and prior. This vulnerability can lead to resource exhaustion and degraded system performance over time, particularly in long-running processes or systems processing large volumes of data. The vulnerability is present in the `crypto_handle_incrementing_nontransmitted_counter` function within `crypto_tc.c`. The function allocates memory using `malloc` without ensuring the allocated memory is always freed. This issue can lead to resource exhaustion, reduced system performance, and potentially a Denial of Service (DoS) in environments where CryptoLib is used in long-running processes or with large volumes of data. Any system using CryptoLib, especially those handling high-throughput or continuous data streams, could be impacted. As of time of publication, no known patched versions are available. | |||||
| CVE-2025-29924 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 7.5 HIGH |
| XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as "Prevent unregistered users to view pages". or "Prevent unregistered users to edit pages". It's possible to detect the vulnerability by enabling "Prevent unregistered users to view pages" and then trying to access a page through the REST API without using any credentials. The vulnerability has been patched in XWiki 15.10.14, 16.4.6 and 16.10.0RC1. | |||||
| CVE-2023-22514 | 1 Atlassian | 1 Sourcetree | 2025-04-30 | N/A | 7.8 HIGH |
| This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15 See the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives). This vulnerability was reported via our Penetration Testing program. | |||||
| CVE-2024-56406 | 1 Perl | 1 Perl | 2025-04-30 | N/A | 8.6 HIGH |
| A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. | |||||