Total
33598 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5081 | 1 Lenovo | 8 Tab M8 Hd Tb8505f, Tab M8 Hd Tb8505f Firmware, Tab M8 Hd Tb8505fs and 5 more | 2025-05-30 | 3.3 Low |
| An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | ||||
| CVE-2023-47152 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2025-05-30 | 5.9 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. | ||||
| CVE-2023-47158 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-05-30 | 5.3 Medium |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. | ||||
| CVE-2024-23649 | 1 Join-lemmy | 1 Lemmy | 2025-05-30 | 7.5 High |
| Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied. | ||||
| CVE-2022-34715 | 1 Microsoft | 1 Windows Server 2022 | 2025-05-29 | 9.8 Critical |
| Windows Network File System Remote Code Execution Vulnerability | ||||
| CVE-2022-34714 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-34712 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2025-05-29 | 5.5 Medium |
| Windows Defender Credential Guard Information Disclosure Vulnerability | ||||
| CVE-2022-34710 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | 5.5 Medium |
| Windows Defender Credential Guard Information Disclosure Vulnerability | ||||
| CVE-2022-34708 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2023-51356 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | 8.8 High |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | ||||
| CVE-2023-47837 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | 8.3 High |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | ||||
| CVE-2024-4274 | 1 G5plus | 1 Essential Real Estate | 2025-05-29 | 4.3 Medium |
| The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments. | ||||
| CVE-2022-35772 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-05-29 | 7.2 High |
| Azure Site Recovery Remote Code Execution Vulnerability | ||||
| CVE-2022-35771 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | 7.8 High |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | ||||
| CVE-2022-35769 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 7.5 High |
| Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | ||||
| CVE-2022-35767 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-35766 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-35765 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||
| CVE-2022-35764 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||
| CVE-2022-35763 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||