Export limit exceeded: 35013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14593 | 7 Canonical, Debian, Fedoraproject and 4 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2025-05-27 | 7.4 High |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). | ||||
| CVE-2020-14583 | 7 Canonical, Debian, Fedoraproject and 4 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2025-05-27 | 8.3 High |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2023-50456 | 1 Zammad | 1 Zammad | 2025-05-27 | 5.3 Medium |
| An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. | ||||
| CVE-2022-35408 | 1 Insyde | 1 Insydeh2o | 2025-05-27 | 8.2 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.) | ||||
| CVE-2022-35031 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. | ||||
| CVE-2022-35030 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. | ||||
| CVE-2022-35029 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. | ||||
| CVE-2022-35028 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. | ||||
| CVE-2022-35027 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | ||||
| CVE-2022-35026 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | ||||
| CVE-2022-35025 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. | ||||
| CVE-2022-35023 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. | ||||
| CVE-2022-35022 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. | ||||
| CVE-2024-1310 | 1 Automattic | 1 Woocommerce | 2025-05-27 | 4.9 Medium |
| The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) | ||||
| CVE-2023-48425 | 1 Google | 2 Chromecast, Chromecast Firmware | 2025-05-27 | 9.8 Critical |
| U-Boot vulnerability resulting in persistent Code Execution | ||||
| CVE-2022-35024 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | ||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | 5.5 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | ||||
| CVE-2022-26112 | 1 Apache | 1 Pinot | 2025-05-27 | 9.8 Critical |
| In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | ||||
| CVE-2021-3187 | 2 Apple, Beyondtrust | 2 Mac Os X, Privilege Management For Mac | 2025-05-27 | 8.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) | ||||
| CVE-2025-1847 | 1 Zframeworks | 1 Zz | 2025-05-26 | 6.3 Medium |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||