Export limit exceeded: 336927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32866 | 1 Apple | 3 Macos, Tvos, Watchos | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32865 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32862 | 1 Apple | 1 Macos | 2025-05-06 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.7.1, macOS Ventura 13, macOS Monterey 12.6.1. An app with root privileges may be able to access private information. | ||||
| CVE-2022-32859 | 1 Apple | 1 Iphone Os | 2025-05-06 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results. | ||||
| CVE-2022-32858 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state. | ||||
| CVE-2022-32835 | 1 Apple | 2 Iphone Os, Watchos | 2025-05-06 | 3.3 Low |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier. | ||||
| CVE-2022-32827 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 5.5 Medium |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service. | ||||
| CVE-2022-32794 | 1 Apple | 2 Mac Os X, Macos | 2025-05-06 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges. | ||||
| CVE-2022-26710 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-05-06 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-26709 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-05-06 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-22677 | 2 Apple, Redhat | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-06 | 4.3 Medium |
| A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. | ||||
| CVE-2018-19904 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2025-05-06 | 6.1 Medium |
| Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field. | ||||
| CVE-2025-28025 | 1 Totolink | 8 A3000ru, A3000ru Firmware, A3100r and 5 more | 2025-05-06 | 7.3 High |
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | ||||
| CVE-2025-28028 | 1 Totolink | 8 A3000ru, A3000ru Firmware, A3100r and 5 more | 2025-05-06 | 7.3 High |
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | ||||
| CVE-2024-10679 | 1 Expresstech | 1 Quiz And Survey Master | 2025-05-06 | 6.1 Medium |
| The Quiz and Survey Master (QSM) WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1452 | 1 Favoriteposts | 1 Favorites | 2025-05-06 | 3.5 Low |
| The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-2304 | 1 Favoriteposts | 1 Favorites | 2025-05-06 | 6.4 Medium |
| The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-12682 | 1 Brijeshk89 | 1 Smart Maintenance Mode | 2025-05-06 | 6.1 Medium |
| The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-25892 | 1 Muhammara Project | 1 Muhammara | 2025-05-06 | 7.5 High |
| The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. | ||||
| CVE-2022-41681 | 1 Formalms | 1 Formalms | 2025-05-06 | 9.9 Critical |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | ||||