Total
33641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25744 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-05-07 | 8.8 High |
| In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | ||||
| CVE-2021-46757 | 1 Amd | 20 Ryzen Embedded 5600e, Ryzen Embedded 5600e Firmware, Ryzen Embedded 5800e and 17 more | 2025-05-07 | 7.8 High |
| Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation. | ||||
| CVE-2024-0248 | 1 Spider-themes | 1 Eazydocs | 2025-05-07 | 4.3 Medium |
| The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. | ||||
| CVE-2023-6869 | 1 Mozilla | 1 Firefox | 2025-05-07 | 6.5 Medium |
| A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121. | ||||
| CVE-2023-6289 | 1 Swteplugins | 1 Swift Performance | 2025-05-07 | 4.3 Medium |
| The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. | ||||
| CVE-2023-50272 | 1 Hpe | 4 Integrated Lights-out 5, Integrated Lights-out 5 Firmware, Integrated Lights-out 6 and 1 more | 2025-05-07 | 7.5 High |
| A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass. | ||||
| CVE-2024-1250 | 1 Gitlab | 1 Gitlab | 2025-05-07 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | ||||
| CVE-2022-41836 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2025-05-07 | 7.5 High |
| When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. | ||||
| CVE-2023-6553 | 1 Backupbliss | 1 Backup Migration | 2025-05-07 | 9.8 Critical |
| The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. | ||||
| CVE-2023-27317 | 1 Netapp | 1 Ontap | 2025-05-07 | 4.3 Medium |
| ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives. | ||||
| CVE-2023-6894 | 1 Hikvision | 30 Ds-kd-bk, Ds-kd-dis, Ds-kd-e and 27 more | 2025-05-07 | 4.3 Medium |
| A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. | ||||
| CVE-2024-58113 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 5.3 Medium |
| Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-0285 | 1 Openatom | 1 Openharmony | 2025-05-07 | 4.7 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. | ||||
| CVE-2021-46950 | 1 Linux | 1 Linux Kernel | 2025-05-07 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being cleared. Since we are in the failure leg of raid1_end_write_request, the request either needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded). | ||||
| CVE-2021-47000 | 1 Linux | 1 Linux Kernel | 2025-05-07 | 3.3 Low |
| In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry | ||||
| CVE-2024-26712 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2025-05-07 | 4.4 Medium |
| In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then `va = block + k_cur - k_start` is less than block, the addr va is invalid, because the memory address space from va to block is not alloced by memblock_alloc, which will not be reserved by memblock_reserve later, it will be used by other places. As a result, memory overwriting occurs. for example: int __init __weak kasan_init_region(void *start, size_t size) { [...] /* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */ block = memblock_alloc(k_end - k_start, PAGE_SIZE); [...] for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { /* at the begin of for loop * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400) * va(dcd96c00) is less than block(dcd97000), va is invalid */ void *va = block + k_cur - k_start; [...] } [...] } Therefore, page alignment is performed on k_start before memblock_alloc() to ensure the validity of the VA address. | ||||
| CVE-2021-47293 | 2 Linux, Redhat | 4 Linux Kernel, Rhel Aus, Rhel E4s and 1 more | 2025-05-07 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets. | ||||
| CVE-2022-41986 | 1 Iij | 1 Iij Smartkey | 2025-05-07 | 7.5 High |
| Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. | ||||
| CVE-2025-45320 | 1 Lopalopa | 1 Online Service Management Portal | 2025-05-07 | 7.5 High |
| A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0. | ||||
| CVE-2025-4271 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.3 Medium |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||