Export limit exceeded: 336910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32810 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-30 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32793 | 2 Apple, Fedoraproject | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-30 | 7.5 High |
| Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | ||||
| CVE-2022-26776 | 1 Apple | 1 Macos | 2025-05-30 | 9.8 Critical |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. | ||||
| CVE-2022-26775 | 1 Apple | 2 Mac Os X, Macos | 2025-05-30 | 9.8 Critical |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | ||||
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2022-26773 | 1 Apple | 1 Itunes | 2025-05-30 | 7.1 High |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. | ||||
| CVE-2022-26772 | 1 Apple | 1 Macos | 2025-05-30 | 7.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-26771 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2025-05-30 | 7.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-20082 | 1 Mediatek | 35 Mt2735, Mt2737, Mt6833 and 32 more | 2025-05-30 | 9.8 Critical |
| In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529. | ||||
| CVE-2024-20083 | 2 Google, Mediatek | 25 Android, Mt6765, Mt6768 and 22 more | 2025-05-30 | 9.8 Critical |
| In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502. | ||||
| CVE-2025-40582 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-05-30 | 7.8 High |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device. | ||||
| CVE-2025-40583 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-05-30 | 4.4 Medium |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local attacker to retrieve this sensitive information. | ||||
| CVE-2023-40490 | 2 Maxon, Nemetschek | 2 Cinema 4d, Cinema 4d | 2025-05-30 | 7.8 High |
| Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21438. | ||||
| CVE-2024-6487 | 1 Data443 | 1 Inline Related Posts | 2025-05-30 | 5.9 Medium |
| The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-6366 | 1 Cozmoslabs | 1 Profile Builder | 2025-05-30 | 9.1 Critical |
| The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. | ||||
| CVE-2024-6021 | 1 Bharatkambariya | 1 Donation Block For Paypal | 2025-05-30 | 6.8 Medium |
| The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability | ||||
| CVE-2024-3113 | 1 Devsabbirahmed | 1 Simple Form | 2025-05-30 | 5.9 Medium |
| The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-36782 | 1 Totolink | 2 Cp300, Cp300 Firmware | 2025-05-30 | 9.8 Critical |
| TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||
| CVE-2024-34009 | 1 Moodle | 1 Moodle | 2025-05-30 | 7.5 High |
| Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | ||||
| CVE-2024-34007 | 1 Moodle | 1 Moodle | 2025-05-30 | 8.8 High |
| The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. | ||||