Total
88988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43148 | 1 Rtf2html Project | 1 Rtf2html | 2025-05-06 | N/A | 5.5 MEDIUM |
rtf2html v0.2.0 was discovered to contain a heap overflow in the component /rtf2html/./rtf_tools.h. | |||||
CVE-2022-40488 | 1 Processwire | 1 Processwire | 2025-05-06 | N/A | 6.5 MEDIUM |
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). | |||||
CVE-2022-32938 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-05-06 | N/A | 5.3 MEDIUM |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system. | |||||
CVE-2022-32936 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 5.5 MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to disclose kernel memory. | |||||
CVE-2022-32935 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-05-06 | N/A | 4.6 MEDIUM |
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen. | |||||
CVE-2022-32929 | 1 Apple | 2 Ipad Os, Iphone Os | 2025-05-06 | N/A | 5.5 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups. | |||||
CVE-2022-32928 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | N/A | 5.3 MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials. | |||||
CVE-2022-32909 | 1 Apple | 1 Iphone Os | 2025-05-06 | N/A | 5.5 MEDIUM |
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data. | |||||
CVE-2022-32881 | 1 Apple | 3 Macos, Tvos, Watchos | 2025-05-06 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to modify protected parts of the file system. | |||||
CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2025-05-06 | 4.3 MEDIUM | 5.9 MEDIUM |
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | |||||
CVE-2018-19918 | 1 Cuppacms | 1 Cuppacms | 2025-05-06 | 3.5 LOW | 5.4 MEDIUM |
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | |||||
CVE-2018-19906 | 1 Razorcms | 1 Razorcms | 2025-05-06 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. | |||||
CVE-2018-19905 | 1 Razorcms | 1 Razorcms | 2025-05-06 | 3.5 LOW | 5.4 MEDIUM |
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. | |||||
CVE-2025-2855 | 1 Eladmin | 1 Eladmin | 2025-05-06 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely. | |||||
CVE-2024-34535 | 1 Joinmastodon | 1 Mastodon | 2025-05-06 | N/A | 5.9 MEDIUM |
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header. | |||||
CVE-2024-24991 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 6.5 MEDIUM |
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | |||||
CVE-2024-44046 | 1 Themify | 1 Woocommerce Product Filter | 2025-05-06 | N/A | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS. This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1. | |||||
CVE-2024-24849 | 1 Developingtheweb | 1 Quicksand Post Filter Jquery | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | |||||
CVE-2024-5968 | 1 10web | 1 Photo Gallery | 2025-05-06 | N/A | 4.8 MEDIUM |
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2024-24876 | 1 W-shadow | 1 Admin Menu Editor | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor. This issue affects Admin Menu Editor: from n/a through 1.12. |