Total
456 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22519 | 1 Sorenfriis | 1 Opendroneid Osm | 2025-06-05 | 8.2 High |
| An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | ||||
| CVE-2025-3875 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-06-05 | 7.5 High |
| Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | ||||
| CVE-2025-3909 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-06-05 | 6.5 Medium |
| Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | ||||
| CVE-2022-3180 | 1 Wpgateway | 1 Wpgateway | 2025-06-05 | 9.8 Critical |
| The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. | ||||
| CVE-2025-49002 | 1 Dataease | 1 Dataease | 2025-06-05 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | ||||
| CVE-2023-41591 | 1 Opennetworking | 1 Onos | 2025-06-03 | 9.8 Critical |
| An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. | ||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2025-05-30 | 6.3 Medium |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
| CVE-2023-51667 | 1 Blazzdev | 1 Rate My Post | 2025-05-29 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.2. | ||||
| CVE-2022-34716 | 2 Microsoft, Redhat | 5 .net, .net Core, Powershell and 2 more | 2025-05-29 | 5.9 Medium |
| .NET Spoofing Vulnerability | ||||
| CVE-2025-5067 | 1 Google | 1 Chrome | 2025-05-29 | 5.4 Medium |
| Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-25595 | 1 Wpmudev | 1 Defender | 2025-05-28 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. | ||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2025-05-28 | 8.2 High |
| An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2022-23949 | 1 Keylime | 1 Keylime | 2025-05-27 | 7.5 High |
| In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | ||||
| CVE-2021-43310 | 1 Keylime | 1 Keylime | 2025-05-27 | 9.8 Critical |
| A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution. | ||||
| CVE-2023-32207 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-05-27 | 8.8 High |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2023-35622 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-05-22 | 7.5 High |
| Windows DNS Spoofing Vulnerability | ||||
| CVE-2024-1347 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. | ||||
| CVE-2021-27853 | 3 Cisco, Ieee, Ietf | 308 Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l, Catalyst 3650-12x48fd-s and 305 more | 2025-05-21 | 4.7 Medium |
| Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. | ||||
| CVE-2025-1104 | 1 Dlink | 2 Dhp-w310av, Dhp-w310av Firmware | 2025-05-21 | 7.3 High |
| A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-27862 | 2 Ieee, Ietf | 2 Ieee 802.2, P802.1q | 2025-05-21 | 4.7 Medium |
| Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). | ||||