Search Results (35285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-20389 1 Google 1 Android 2025-06-05 9.8 Critical
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004
CVE-2022-20388 1 Google 1 Android 2025-06-05 9.8 Critical
Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323
CVE-2025-3597 1 Firelightwp 1 Firelight Lightbox 2025-06-05 5.9 Medium
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.
CVE-2023-48951 1 Openlinksw 1 Virtuoso 2025-06-05 8.8 High
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2022-42541 1 Google 1 Android 2025-06-05 9.8 Critical
Remote code execution
CVE-2025-48999 1 Dataease 1 Dataease 2025-06-05 8.8 High
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.
CVE-2025-49001 1 Dataease 1 Dataease 2025-06-05 9.8 Critical
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
CVE-2023-4297 2 Mediamanifesto, Mmm Simple File List 2 Mmm Simple File List, Mmm Simple File List 2025-06-05 4.3 Medium
The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.
CVE-2024-25941 1 Freebsd 1 Freebsd 2025-06-04 3.3 Low
The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.
CVE-2025-25227 1 Joomla 1 Joomla\! 2025-06-04 7.5 High
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2024-13613 1 Kainex 1 Wise Chat 2025-06-04 7.5 High
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.
CVE-2025-47697 1 Uchida 2 Wivia 5, Wivia 5 Firmware 2025-06-04 7.5 High
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.
CVE-2024-10075 1 Automattic 1 Jetpack 2025-06-04 5.6 Medium
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
CVE-2024-13241 1 Getopensocial 1 Open Social 2025-06-04 9.1 Critical
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5.
CVE-2024-13240 1 Getopensocial 1 Open Social 2025-06-04 7.5 High
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05.
CVE-2025-40581 1 Siemens 2 Scalance Lpe9403, Scalance Lpe9403 Firmware 2025-06-04 7.1 High
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.
CVE-2024-23744 1 Arm 1 Mbed Tls 2025-06-04 7.5 High
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
CVE-2024-23180 1 Appleple 1 A-blog Cms 2025-06-04 8.8 High
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
CVE-2022-34706 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-06-04 7.8 High
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-34703 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-06-04 7.8 High
Windows Partition Management Driver Elevation of Privilege Vulnerability