Total
88988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32918 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences. | |||||
| CVE-2022-32904 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. | |||||
| CVE-2022-32862 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information. | |||||
| CVE-2022-32859 | 1 Apple | 1 Iphone Os | 2025-05-06 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results. | |||||
| CVE-2022-32858 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. | |||||
| CVE-2022-32827 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. | |||||
| CVE-2022-22677 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | N/A | 4.3 MEDIUM |
| A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. | |||||
| CVE-2018-19904 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2025-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field. | |||||
| CVE-2024-10679 | 1 Expresstech | 1 Quiz And Survey Master | 2025-05-06 | N/A | 6.1 MEDIUM |
| The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2023-2304 | 1 Favoriteposts | 1 Favorites | 2025-05-06 | N/A | 6.4 MEDIUM |
| The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-12682 | 1 Brijeshk89 | 1 Smart Maintenance Mode | 2025-05-06 | N/A | 6.1 MEDIUM |
| The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13118 | 1 Brijeshk89 | 1 Ip Based Login | 2025-05-06 | N/A | 4.3 MEDIUM |
| The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack | |||||
| CVE-2024-23533 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. | |||||
| CVE-2025-4051 | 2025-05-06 | N/A | 6.3 MEDIUM | ||
| Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-52430 | 1 Authcrunch | 1 Caddy-security | 2025-05-06 | N/A | 6.1 MEDIUM |
| The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. | |||||
| CVE-2023-42940 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.7 MEDIUM |
| A session rendering issue was addressed with improved session tracking. This issue is fixed in macOS Sonoma 14.2.1. A user who shares their screen may unintentionally share the incorrect content. | |||||
| CVE-2022-44081 | 1 Lodev | 1 Lodepng | 2025-05-06 | N/A | 5.5 MEDIUM |
| Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. | |||||
| CVE-2022-44079 | 1 Pycdc Project | 1 Pycdc | 2025-05-06 | N/A | 5.5 MEDIUM |
| pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | |||||
| CVE-2022-43152 | 1 Tsmuxer Project | 1 Tsmuxer | 2025-05-06 | N/A | 5.5 MEDIUM |
| tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. | |||||
| CVE-2022-43151 | 1 Timg Project | 1 Timg | 2025-05-06 | N/A | 5.5 MEDIUM |
| timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc. | |||||