Total
29577 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2025-05-10 | 7.5 High |
| socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | ||||
| CVE-2022-2052 | 1 Trumpf | 5 Job Order Interface, Oseon, Trutops Boost and 2 more | 2025-05-10 | 9.8 Critical |
| Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. | ||||
| CVE-2022-3281 | 1 Wago | 156 750-8100, 750-8100 Firmware, 750-8101 and 153 more | 2025-05-10 | 7.5 High |
| WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote attacker to circumvent the reach the network that should be protected by the MAC address filter. | ||||
| CVE-2025-4036 | 1 Xxyopen | 1 Novel | 2025-05-10 | 6.3 Medium |
| A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-24670 | 1 Forgerock | 1 Access Management | 2025-05-09 | 7.1 High |
| An attacker can use the unrestricted LDAP queries to determine configuration entries | ||||
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2025-05-09 | 7.8 High |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | ||||
| CVE-2022-22234 | 1 Juniper | 11 Ex2300, Ex2300-24mp, Ex2300-24p and 8 more | 2025-05-09 | 5.5 Medium |
| An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. These can be checked by issuing the following commands: user@device# show log messages | match unplugged %PFE-6: fpc0 sfp-0/1/2 SFP unplugged %PFE-6: fpc0 sfp-0/1/3 SFP unplugged The following log messages will also be seen when this issue happens: fpc0 Error tvp_drv_syspld_read: syspld read failed for address <address> fpc0 Error[-1]:tvp_optics_presence_get - Syspld read failed for port <pic/port> fpc0 optics pres failed(-1) for pic <pic> port <port> fpc0 tvp_drv_syspld_read: i2c access retry count 200 This issue affects Juniper Networks Junos OS on EX2300 Series, EX3400 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. | ||||
| CVE-2022-22249 | 1 Juniper | 18 Junos, Mx10, Mx10000 and 15 more | 2025-05-09 | 6.5 Medium |
| An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or more FPCs to crash and reboot. These MAC moves can be between two local interfaces or between core/EVPN and local interface. The below error logs can be seen in PFE syslog when this issue happens: xss_event_handler(1071): EA[0:0]_PPE 46.xss[0] ADDR Error. ppe_error_interrupt(4298): EA[0:0]_PPE 46 Errors sync xtxn error xss_event_handler(1071): EA[0:0]_PPE 1.xss[0] ADDR Error. ppe_error_interrupt(4298): EA[0:0]_PPE 1 Errors sync xtxn error xss_event_handler(1071): EA[0:0]_PPE 2.xss[0] ADDR Error. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 15.1R7-S13; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. | ||||
| CVE-2022-22250 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-05-09 | 6.5 Medium |
| An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1. | ||||
| CVE-2022-43410 | 2 Jenkins, Redhat | 2 Mercurial, Ocp Tools | 2025-05-08 | 5.3 Medium |
| Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | ||||
| CVE-2022-40798 | 1 Ocomon Project | 1 Ocomon | 2025-05-08 | 7.5 High |
| OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover. | ||||
| CVE-2022-39057 | 1 Changingtec | 1 Rava Certificate Validation System | 2025-05-08 | 7.2 High |
| RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. | ||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2025-05-08 | 5.3 Medium |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-36454 | 1 Mitel | 1 Micollab | 2025-05-07 | 6.5 Medium |
| A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. | ||||
| CVE-2022-36453 | 1 Mitel | 1 Micollab | 2025-05-07 | 8.8 High |
| A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | ||||
| CVE-2025-31173 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 8.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-3629 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Data Grid and 1 more | 2025-05-07 | 4.3 Medium |
| A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions. | ||||
| CVE-2024-58112 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.5 High |
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-58111 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.5 High |
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-31172 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||