Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20926 | 3 Debian, Netapp, Oracle | 8 Debian Linux, Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent and 5 more | 2025-05-15 | N/A | N/A |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-42902 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2025-05-15 | N/A | 8.8 HIGH |
| In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. | |||||
| CVE-2025-3744 | 1 Hashicorp | 1 Nomad | 2025-05-15 | N/A | 7.6 HIGH |
| Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13. | |||||
| CVE-2022-20464 | 1 Google | 1 Android | 2025-05-15 | N/A | 5.5 MEDIUM |
| In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236042696References: N/A | |||||
| CVE-2024-20948 | 1 Oracle | 1 Knowledge Management | 2025-05-15 | N/A | N/A |
| Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-20977 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql | 2025-05-15 | N/A | N/A |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-23206 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-15 | N/A | 6.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. | |||||
| CVE-2022-40469 | 1 Ikuai8 | 1 Ikuaios | 2025-05-15 | N/A | 8.8 HIGH |
| iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | |||||
| CVE-2024-23217 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-15 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2024-0809 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-15 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2022-32931 | 1 Apple | 1 Macos | 2025-05-15 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | |||||
| CVE-2022-38982 | 1 Huawei | 1 Harmonyos | 2025-05-15 | N/A | 9.8 CRITICAL |
| The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. | |||||
| CVE-2024-3748 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | N/A | N/A |
| The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user | |||||
| CVE-2024-3749 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | N/A | N/A |
| The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user | |||||
| CVE-2024-1204 | 1 Metabox | 1 Meta Box | 2025-05-15 | N/A | N/A |
| The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. | |||||
| CVE-2022-42142 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-14 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. | |||||
| CVE-2022-41471 | 1 74cms | 1 74cmsse | 2025-05-14 | N/A | 6.5 MEDIUM |
| 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. | |||||
| CVE-2022-41586 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-41588 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.5 HIGH |
| The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2024-5333 | 1 Stellarwp | 1 The Events Calendar | 2025-05-14 | N/A | N/A |
| The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. | |||||