Total
30101 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22028 | 1 3rrr-btob | 12 3r-tmc01, 3r-tmc01 Firmware, 3r-tmc02 and 9 more | 2025-06-03 | N/A | 4.6 MEDIUM |
Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data. | |||||
CVE-2024-0230 | 1 Apple | 2 Magic Keyboard, Magic Keyboard Firmware | 2025-06-03 | N/A | 2.4 LOW |
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | |||||
CVE-2023-6843 | 1 Easy.jobs | 1 Easy.jobs | 2025-06-03 | N/A | 4.3 MEDIUM |
The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. | |||||
CVE-2023-51059 | 1 Mokosmart | 2 Mkgw1 Gateway, Mkgw1 Gateway Firmware | 2025-06-03 | N/A | 8.8 HIGH |
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. | |||||
CVE-2023-50440 | 1 Primx | 3 Zed!, Zedmail, Zonecentral | 2025-06-03 | N/A | 5.5 MEDIUM |
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim. | |||||
CVE-2023-52109 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-52108 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2023-52104 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-52100 | 1 Huawei | 1 Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2023-39691 | 1 Kodcloud | 1 Kodbox | 2025-06-02 | N/A | 9.8 CRITICAL |
An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request. | |||||
CVE-2024-45691 | 1 Moodle | 1 Moodle | 2025-06-02 | N/A | 5.4 MEDIUM |
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values. | |||||
CVE-2024-20272 | 1 Cisco | 1 Unity Connection | 2025-06-02 | N/A | 7.3 HIGH |
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | |||||
CVE-2023-5922 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-06-02 | N/A | 7.5 HIGH |
The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content. | |||||
CVE-2023-50431 | 1 Linux | 1 Linux Kernel | 2025-05-30 | N/A | 5.5 MEDIUM |
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. | |||||
CVE-2024-21309 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-05-30 | N/A | 7.8 HIGH |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
CVE-2024-39479 | 1 Linux | 1 Linux Kernel | 2025-05-30 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the expectation, on device unbind, is that hwmon will be released before drvdata. However, in i915 there are two separate code paths, which both release either drvdata or hwmon and either can be released before the other. These code paths (for device unbind) are as follows (see also the bug referenced below): Call Trace: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 component_unbind_all+0x8d/0xa0 component_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 device_release_driver_internal+0x19c/0x200 unbind_store+0x9c/0xb0 and Call Trace: release_nodes+0x11/0x70 devres_release_all+0x8a/0xc0 device_unbind_cleanup+0x9/0x70 device_release_driver_internal+0x1c1/0x200 unbind_store+0x9c/0xb0 This means that in i915, if we use devm, we cannot guarantee that hwmon will always be released before drvdata. Which means that we have a uaf if hwmon sysfs is accessed when drvdata has been released but hwmon hasn't. The only way out of this seems to be to get rid of devm_ and release/free everything explicitly during device unbind. v2: Change commit message and other minor code changes v3: Cleanup from i915_hwmon_register on error (Armin Wolf) v4: Eliminate potential static analyzer warning (Rodrigo) Eliminate fetch_and_zero (Jani) v5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi) | |||||
CVE-2022-32810 | | | 2025-05-30 | N/A | 7.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-26776 | 1 Apple | 1 Macos | 2025-05-30 | 7.5 HIGH | 9.8 CRITICAL |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 4.6 MEDIUM | 7.8 HIGH |
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | |||||
CVE-2022-26773 | 1 Apple | 1 Itunes | 2025-05-30 | 5.8 MEDIUM | 7.1 HIGH |
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. |