Total
294007 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37872 | 2 Angeljudesuarez, Itsourcecode | 2 Billing System, Billing System | 2025-05-14 | 8.1 High |
SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
CVE-2025-20071 | | | 2025-05-14 | 6.5 Medium |
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | ||||
CVE-2025-20076 | | | 2025-05-14 | 5 Medium |
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
CVE-2025-20079 | | | 2025-05-14 | 6.7 Medium |
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-12096 | 1 Ulfben | 1 Exhibit To Wp Gallery | 2025-05-14 | 6.1 Medium |
The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2025-20612 | | | 2025-05-14 | 5.5 Medium |
Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
CVE-2025-24785 | | | 2025-05-14 | 4.3 Medium |
iTop is a web-based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next user trying to load this dashboard would encounter a crashed start page. Version 3.2.1 fixes the issue by checking the provided layout_class before saving the dashboard. | ||||
CVE-2025-20616 | | | 2025-05-14 | 5.5 Medium |
Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
CVE-2025-20618 | | | 2025-05-14 | 7.9 High |
Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. | ||||
CVE-2022-42488 | 1 Openharmony | 1 Openharmony | 2025-05-14 | 8.4 High |
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | ||||
CVE-2022-41686 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-05-14 | 5.1 Medium |
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could read out-of-bound memory, leading to sensitive information disclosure. Processes with the system user UID running on the device would be able to write out-of-bound memory, which could lead to unspecified memory corruption. | ||||
CVE-2024-6235 | 1 Citrix | 1 Netscaler Console | 2025-05-14 | 8.8 High |
Sensitive information disclosure in NetScaler Console | ||||
CVE-2025-45867 | | | 2025-05-14 | 5.4 Medium |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. | ||||
CVE-2025-45866 | | | 2025-05-14 | 5.4 Medium |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. | ||||
CVE-2025-45864 | | | 2025-05-14 | 5.4 Medium |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. | ||||
CVE-2025-45859 | | | 2025-05-14 | 5.4 Medium |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. | ||||
CVE-2025-44831 | | | 2025-05-14 | 9.8 Critical |
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. | ||||
CVE-2025-3600 | | | 2025-05-14 | 7.5 High |
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. | ||||
CVE-2025-31256 | | | 2025-05-14 | 5.5 Medium |
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes. | ||||
CVE-2025-31251 | | | 2025-05-14 | 5.5 Medium |
The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||