Total
291 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24511 | 2025-08-12 | N/A | N/A | ||
| Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure. | |||||
| CVE-2023-27325 | 1 Parallels | 1 Parallels Desktop | 2025-08-06 | N/A | N/A |
| Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper initialization of environment variables. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18253. | |||||
| CVE-2022-0847 | 7 Fedoraproject, Linux, Netapp and 4 more | 39 Fedora, Linux Kernel, H300e and 36 more | 2025-07-30 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | |||||
| CVE-2024-32916 | 1 Google | 1 Android | 2025-07-24 | N/A | N/A |
| In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32930 | 1 Google | 1 Android | 2025-07-22 | N/A | N/A |
| In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20594 | 1 Amd | 250 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 247 more | 2025-06-27 | N/A | 4.4 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2023-20597 | 1 Amd | 202 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 199 more | 2025-06-27 | N/A | 5.5 MEDIUM |
| Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | |||||
| CVE-2022-32823 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | N/A | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to leak sensitive user information. | |||||
| CVE-2019-1039 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory. | |||||
| CVE-2025-21100 | 2025-05-13 | N/A | N/A | ||
| Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2025-46553 | 2025-05-05 | N/A | N/A | ||
| @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | |||||
| CVE-2022-21724 | 4 Debian, Fedoraproject, Postgresql and 1 more | 4 Debian Linux, Fedora, Postgresql Jdbc Driver and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-24378 | 1 Intel | 1 Data Center Manager | 2025-05-05 | N/A | 5.5 MEDIUM |
| Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-0145 | 2 Intel, Netapp | 121 Celeron 6305, Celeron 6305e, Celeron 6600he and 118 more | 2025-05-05 | 2.1 LOW | 5.5 MEDIUM |
| Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-0125 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2025-05-05 | 4.6 MEDIUM | 6.6 MEDIUM |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-0119 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2025-05-05 | 4.6 MEDIUM | 6.2 MEDIUM |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2021-23223 | 1 Intel | 10 Killer Wi-fi 6e Ax1675, Killer Wi-fi 6e Ax1675 Firmware, Killer Wi-fi 6e Ax1690 and 7 more | 2025-05-05 | N/A | 7.8 HIGH |
| Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-43468 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2025-04-23 | N/A | 7.5 HIGH |
| External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input. | |||||
| CVE-2024-11158 | 1 Rockwellautomation | 1 Arena | 2025-04-18 | N/A | N/A |
| An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2022-46487 | 1 Scontain | 1 Scone | 2025-04-17 | N/A | 7.8 HIGH |
| Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | |||||