Total
10920 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38985 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-15 | N/A | 7.5 HIGH |
| The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2024-24981 | 2025-05-14 | N/A | 7.5 HIGH | ||
| Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2017-7517 | 1 Redhat | 1 Openshift | 2025-05-13 | N/A | 3.5 LOW |
| An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance. | |||||
| CVE-2025-0734 | 1 Ruoyi | 1 Ruoyi | 2025-05-13 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-40556 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation. | |||||
| CVE-2025-24510 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in MS/TP Point Pickup Module (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation. | |||||
| CVE-2025-29784 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 7.5 HIGH |
| NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0. | |||||
| CVE-2024-25016 | 1 Ibm | 2 Mq, Mq Appliance | 2025-05-12 | N/A | 7.5 HIGH |
| IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279. | |||||
| CVE-2025-30391 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2025-05-12 | N/A | 8.1 HIGH |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-46574 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 4.1 MEDIUM |
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2025-4377 | 2025-05-12 | N/A | N/A | ||
| Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2025-4376 | 2025-05-12 | N/A | N/A | ||
| Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2023-22342 | 1 Intel | 1 Thunderbolt Dch Driver | 2025-05-12 | N/A | 7.7 HIGH |
| Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-45577 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | |||||
| CVE-2024-45579 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | |||||
| CVE-2024-49845 | 1 Qualcomm | 292 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 289 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during the FRS UDS generation process. | |||||
| CVE-2025-21460 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | |||||
| CVE-2022-1414 | 1 Redhat | 1 3scale Api Management | 2025-05-09 | N/A | 8.8 HIGH |
| 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. | |||||
| CVE-2024-11636 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-05-08 | N/A | 4.8 MEDIUM |
| The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-27612 | 1 Numbas | 1 Editor | 2025-05-08 | N/A | 6.2 MEDIUM |
| Numbas editor before 7.3 mishandles editing of themes and extensions. | |||||