Total
33660 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44623 | 1 Jetbrains | 1 Teamcity | 2025-04-30 | 6.5 Medium |
| In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings | ||||
| CVE-2023-21358 | 1 Google | 1 Android | 2025-04-30 | 7.8 High |
| In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2025-04-30 | 7.5 High |
| Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | ||||
| CVE-2024-42772 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
| CVE-2024-42774 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | ||||
| CVE-2024-42775 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
| CVE-2024-42776 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | ||||
| CVE-2024-57519 | 1 Open5gs | 1 Open5gs | 2025-04-30 | 7.5 High |
| An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. | ||||
| CVE-2024-20021 | 2 Google, Mediatek | 46 Android, Mt6768, Mt6781 and 43 more | 2025-04-30 | 6.7 Medium |
| In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. | ||||
| CVE-2024-20056 | 4 Google, Mediatek, Openwrt and 1 more | 30 Android, Mt6739, Mt6761 and 27 more | 2025-04-30 | 6.7 Medium |
| In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. | ||||
| CVE-2024-52922 | 1 Bitcoin | 1 Bitcoin Core | 2025-04-30 | 6.5 Medium |
| In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. | ||||
| CVE-2022-43780 | 1 Hp | 82 M2u75a, M2u75a Firmware, M2u76a and 79 more | 2025-04-30 | 7.5 High |
| Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack. | ||||
| CVE-2022-40309 | 1 Apache | 1 Archiva | 2025-04-30 | 4.3 Medium |
| Users with write permissions to a repository can delete arbitrary directories. | ||||
| CVE-2022-40308 | 1 Apache | 1 Archiva | 2025-04-30 | 7.5 High |
| If anonymous read enabled, it's possible to read the database file directly without logging in. | ||||
| CVE-2021-31608 | 1 Proofpoint | 1 Enterprise Protection | 2025-04-30 | 4.3 Medium |
| Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. | ||||
| CVE-2022-45473 | 1 Drachtio | 1 Drachtio-server | 2025-04-30 | 5.5 Medium |
| In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. | ||||
| CVE-2022-43096 | 1 M5t | 2 Mediatrix 4102s, Mediatrix 4102s Firmware | 2025-04-30 | 6.8 Medium |
| Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. | ||||
| CVE-2022-42126 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | 4.3 Medium |
| The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. | ||||
| CVE-2022-38165 | 1 Withsecure | 1 F-secure Policy Manager | 2025-04-30 | 9.8 Critical |
| Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. | ||||
| CVE-2024-11299 | 1 Caseproof | 1 Memberpress | 2025-04-30 | 5.3 Medium |
| The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||