Total: 292856 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-49841 | | | 2025-05-07 | 7.8 High |
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. | ||||
CVE-2024-49842 | | | 2025-05-07 | 7.8 High |
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | ||||
CVE-2024-49844 | | | 2025-05-07 | 7.8 High |
Memory corruption while triggering commands in the PlayReady Trusted application. | ||||
CVE-2024-49845 | | | 2025-05-07 | 7.8 High |
Memory corruption during the FRS UDS generation process. | ||||
CVE-2025-21453 | | | 2025-05-07 | 7.8 High |
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. | ||||
CVE-2025-21460 | | | 2025-05-07 | 7.8 High |
Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | ||||
CVE-2025-21462 | | | 2025-05-07 | 7.8 High |
Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit. | ||||
CVE-2025-21467 | | | 2025-05-07 | 7.8 High |
Memory corruption while reading the FW response from the shared queue. | ||||
CVE-2025-21468 | | | 2025-05-07 | 7.8 High |
Memory corruption while reading response from FW, when buffer size is changed by FW while driver is using this size to write null character at the end of buffer. | ||||
CVE-2025-21469 | | | 2025-05-07 | 7.8 High |
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. | ||||
CVE-2025-21470 | | | 2025-05-07 | 7.8 High |
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. | ||||
CVE-2025-21475 | | | 2025-05-07 | 7.8 High |
Memory corruption while processing escape code, when DisplayId is passed with large unsigned value. | ||||
CVE-2025-4335 | | | 2025-05-07 | 8.8 High |
The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | ||||
CVE-2025-4220 | | | 2025-05-07 | 6.4 Medium |
The Xavin's List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-4055 | | | 2025-05-07 | 6.4 Medium |
The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-4054 | | | 2025-05-07 | 6.1 Medium |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via the search results. | ||||
CVE-2025-3924 | | | 2025-05-07 | 5.3 Medium |
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators. | ||||
CVE-2025-3921 | | | 2025-05-07 | 8.2 High |
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0. | ||||
CVE-2025-3891 | 1 Redhat | 1 Enterprise Linux | 2025-05-07 | 5.3 Medium |
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. | ||||
CVE-2025-3860 | | | 2025-05-07 | 6.4 Medium |
The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saleclass' parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |