Total
294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30052 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio 2022 | 2025-06-05 | 4.7 Medium |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2020-16198 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-04 | 5 Medium |
| When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct. | ||||
| CVE-2025-27472 | 2025-06-04 | 5.4 Medium | ||
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-31189 | 1 Apple | 1 Macos | 2025-06-02 | 8.2 High |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | ||||
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2022-39957 | 3 Debian, Fedoraproject, Owasp | 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set | 2025-05-29 | 7.3 High |
| The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. | ||||
| CVE-2022-32802 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-28 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution. | ||||
| CVE-2022-26696 | 1 Apple | 1 Macos | 2025-05-28 | 8.8 High |
| This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2025-27700 | 2025-05-28 | 8.4 High | ||
| There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-31224 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2025-31244 | 1 Apple | 1 Macos | 2025-05-27 | 8.8 High |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. | ||||
| CVE-2019-13535 | 1 Medtronic | 4 Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware, Valleylab Ls10 Energy Platform and 1 more | 2025-05-22 | 4.6 Medium |
| In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | ||||
| CVE-2024-0804 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 7.5 High |
| Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-0747 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-22 | 6.5 Medium |
| When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2022-3044 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-22 | 6.5 Medium |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2022-32845 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-22 | 10 Critical |
| This issue was addressed with improved checks. This issue is fixed in watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to break out of its sandbox. | ||||
| CVE-2025-41232 | 2025-05-22 | 9.1 Critical | ||
| Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methods | ||||
| CVE-2024-38180 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-21 | 8.8 High |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2024-38213 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-21 | 6.5 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 6.5 Medium |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||