Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23831 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2025-05-01 | N/A | 7.5 HIGH |
| Insufficient validation of the IOCTL input buffer in AMD µProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | |||||
| CVE-2022-27674 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2025-05-01 | N/A | 7.5 HIGH |
| Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | |||||
| CVE-2023-7165 | 1 Jetbackup | 1 Jetbackup | 2025-05-01 | N/A | N/A |
| The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files. | |||||
| CVE-2024-30203 | 2 Debian, Gnu | 3 Debian Linux, Emacs, Org Mode | 2025-05-01 | N/A | N/A |
| In Emacs before 29.3, Gnus treats inline MIME contents as trusted. | |||||
| CVE-2024-0855 | 1 Spiffyplugins | 1 Spiffy Calendar | 2025-05-01 | N/A | N/A |
| The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. | |||||
| CVE-2024-40407 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | N/A | N/A |
| A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors. | |||||
| CVE-2022-44554 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. | |||||
| CVE-2022-43679 | 1 Owncloud | 1 Owncloud | 2025-05-01 | N/A | 5.3 MEDIUM |
| The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. | |||||
| CVE-2022-44555 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. | |||||
| CVE-2022-44557 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-44087 | 1 Ecisp | 1 Espcms | 2025-05-01 | N/A | 9.8 CRITICAL |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. | |||||
| CVE-2022-44553 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 5.3 MEDIUM |
| The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. | |||||
| CVE-2022-38651 | 1 Vmware | 1 Hyperic Server | 2025-05-01 | N/A | 9.8 CRITICAL |
| A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-45182 | 1 Pistar | 1 Pi-star Digital Voice Dashboard | 2025-05-01 | N/A | 9.8 CRITICAL |
| Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. | |||||
| CVE-2022-44088 | 1 Ecisp | 1 Espcms | 2025-05-01 | N/A | 9.8 CRITICAL |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. | |||||
| CVE-2022-44089 | 1 Ecisp | 1 Espcms | 2025-05-01 | N/A | 9.8 CRITICAL |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. | |||||
| CVE-2022-41339 | 1 Zohocorp | 1 Manageengine Mobile Device Manager Plus | 2025-05-01 | N/A | 7.8 HIGH |
| In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | |||||
| CVE-2024-36845 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | N/A | N/A |
| An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. | |||||
| CVE-2024-28753 | 1 Raspap | 1 Raspap | 2025-05-01 | N/A | N/A |
| RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. | |||||
| CVE-2024-28754 | 1 Raspap | 1 Raspap | 2025-05-01 | N/A | N/A |
| RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. | |||||