Total
33713 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31748 | 1 Mozilla | 1 Firefox | 2025-04-15 | 9.8 Critical |
| Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 101. | ||||
| CVE-2022-31742 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 6.5 Medium |
| An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||||
| CVE-2022-26346 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2025-04-15 | 9.8 Critical |
| A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2022-27178 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2025-04-15 | 9.8 Critical |
| A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2022-27185 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2025-04-15 | 7.5 High |
| A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | ||||
| CVE-2022-38546 | 1 Zyxel | 2 Nbg7510, Nbg7510 Firmware | 2025-04-15 | 5.3 Medium |
| A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode. | ||||
| CVE-2022-25932 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2025-04-15 | 9.8 Critical |
| The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. | ||||
| CVE-2022-45186 | 1 Salesagility | 1 Suitecrm | 2025-04-15 | 8.1 High |
| An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database. | ||||
| CVE-2022-34483 | 1 Mozilla | 1 Firefox | 2025-04-15 | 8.8 High |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. | ||||
| CVE-2022-34482 | 1 Mozilla | 1 Firefox | 2025-04-15 | 8.8 High |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. | ||||
| CVE-2022-23551 | 1 Microsoft | 1 Azure Ad Pod Identity | 2025-04-15 | 5.3 Medium |
| aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release. | ||||
| CVE-2025-2954 | 1 Mannaandpoem | 1 Openmanus | 2025-04-15 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-40957 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 6.5 Medium |
| Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. | ||||
| CVE-2022-36319 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 7.5 High |
| When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12. | ||||
| CVE-2022-36317 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | 6.5 Medium |
| When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 103. | ||||
| CVE-2022-42929 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 6.5 Medium |
| If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4. | ||||
| CVE-2022-40899 | 2 Pythoncharmers, Redhat | 4 Python-future, Rhui, Satellite and 1 more | 2025-04-15 | 7.5 High |
| An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. | ||||
| CVE-2022-40898 | 2 Redhat, Wheel Project | 3 Enterprise Linux, Rhel Software Collections, Wheel | 2025-04-15 | 7.5 High |
| An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. | ||||
| CVE-2022-3155 | 2 Apple, Mozilla | 2 Macos, Thunderbird | 2025-04-15 | 7.8 High |
| When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3. | ||||
| CVE-2022-29915 | 1 Mozilla | 1 Firefox | 2025-04-15 | 4.3 Medium |
| The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | ||||