Total
29579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | ||||
| CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | ||||
| CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | ||||
| CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 7.8 High |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | ||||
| CVE-2021-38617 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 8.8 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | ||||
| CVE-2021-38616 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 7.6 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more. | ||||
| CVE-2021-38615 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 6.3 Medium |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | ||||
| CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2025-05-30 | 8.8 High |
| Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | ||||
| CVE-2023-47035 | 1 Etherscan | 1 Reptilian Coin | 2025-05-30 | 7.5 High |
| RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | ||||
| CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2025-05-30 | 7.5 High |
| MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | ||||
| CVE-2023-44281 | 1 Dell | 1 Pair | 2025-05-30 | 6.6 Medium |
| Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | ||||
| CVE-2025-33137 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | 7.1 High |
| IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security. | ||||
| CVE-2020-15187 | 2 Helm, Redhat | 2 Helm, Acm | 2025-05-29 | 3 Low |
| In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL. | ||||
| CVE-2025-32158 | 1 Athemes | 1 Athemes Addons For Elementor | 2025-05-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | ||||
| CVE-2025-46674 | 1 Nasa | 1 Cryptolib | 2025-05-29 | 3.5 Low |
| NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. | ||||
| CVE-2022-39955 | 3 Debian, Fedoraproject, Owasp | 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set | 2025-05-29 | 7.3 High |
| The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. | ||||
| CVE-2025-1909 | 1 Buddyboss | 1 Buddyboss Platform | 2025-05-28 | 9.8 Critical |
| The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2024-8372 | 2 Angularjs, Netapp | 2 Angular.js, Active Iq Unified Manager | 2025-05-28 | 4.8 Medium |
| Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | ||||
| CVE-2024-8373 | 2 Angularjs, Netapp | 2 Angular.js, Active Iq Unified Manager | 2025-05-28 | 4.8 Medium |
| Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | ||||