Total
272 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-31224 | | | 2025-05-14 | 7.8 High |
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences. | ||||
CVE-2025-31244 | | | 2025-05-14 | 8.8 High |
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. | ||||
CVE-2025-26637 | | | 2025-05-13 | 6.8 Medium |
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | ||||
CVE-2025-27472 | | | 2025-05-13 | 5.4 Medium |
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | ||||
CVE-2025-21081 | | | 2025-05-13 | 4.5 Medium |
Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2025-24061 | | | 2025-05-13 | 7.8 High |
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | ||||
CVE-2025-21384 | | | 2025-05-13 | 8.3 High |
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||||
CVE-2024-20673 | 1 Microsoft | 7 Excel, Office, Powerpoint and 4 more | 2025-05-09 | 7.8 High |
Microsoft Office Remote Code Execution Vulnerability | ||||
CVE-2022-43424 | 1 Jenkins | 2 Compuware Xpediter Code Coverage, Jenkins | 2025-05-08 | 5.3 Medium |
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2025-05-08 | 5.3 Medium |
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
CVE-2022-43434 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-05-08 | 5.3 Medium |
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
CVE-2022-43433 | 1 Jenkins | 1 Screenrecorder | 2025-05-08 | 4.3 Medium |
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
CVE-2022-43432 | 1 Jenkins | 1 Xframium Builder | 2025-05-08 | 4.3 Medium |
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
CVE-2022-43422 | 1 Jenkins | 2 Compuware Topaz Utilities, Jenkins | 2025-05-08 | 5.3 Medium |
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
CVE-2023-32006 | 3 Fedoraproject, Nodejs, Redhat | 4 Fedora, Node.js, Enterprise Linux and 1 more | 2025-05-08 | 8.8 High |
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
CVE-2024-25744 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-05-07 | 8.8 High |
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | ||||
CVE-2022-32910 | 1 Apple | 2 Mac Os X, Macos | 2025-05-06 | 7.5 High |
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper. | ||||
CVE-2013-2465 | 4 Oracle, Redhat, Sun and 1 more | 10 Jre, Enterprise Linux, Network Satellite and 7 more | 2025-05-06 | 9.8 Critical |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. | ||||
CVE-2025-46553 | | | 2025-05-05 | N/A |
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | ||||
CVE-2024-38092 | 1 Microsoft | 1 Azure Cyclecloud | 2025-05-05 | 8.8 High |
Azure CycleCloud Elevation of Privilege Vulnerability |