Total
32389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26774 | 1 Apple | 1 Itunes | 2025-05-30 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2022-26773 | 1 Apple | 1 Itunes | 2025-05-30 | 7.1 High |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. | ||||
| CVE-2024-34009 | 1 Moodle | 1 Moodle | 2025-05-30 | 7.5 High |
| Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | ||||
| CVE-2024-33999 | 1 Moodle | 1 Moodle | 2025-05-30 | 9.8 Critical |
| The referrer URL used by MFA required additional sanitizing, rather than being used directly. | ||||
| CVE-2019-25071 | 1 Apple | 1 Iphone Os | 2025-05-30 | 6.3 Medium |
| A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 migt be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims, that after examining the report they do not see any actual security implications. | ||||
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2025-05-30 | 6.2 Medium |
| Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | ||||
| CVE-2023-30309 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-30 | 5.7 Medium |
| An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2023-26099 | 1 Telindus | 1 Apsal | 2025-05-30 | 4.4 Medium |
| An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. | ||||
| CVE-2022-36442 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 5.5 Medium |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK. | ||||
| CVE-2022-36441 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 7.1 High |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin. | ||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export. | ||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | ||||
| CVE-2021-44035 | 1 Wolterskluwer | 1 Teammate Audit Management | 2025-05-30 | 4.4 Medium |
| Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. | ||||
| CVE-2021-42111 | 1 Rcdevs | 1 Openotp Token | 2025-05-30 | 5.5 Medium |
| An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code. | ||||
| CVE-2021-42110 | 1 Allegro | 1 Allegro | 2025-05-30 | 7.1 High |
| An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. | ||||
| CVE-2021-38618 | 1 Gfos | 1 Workforce Management | 2025-05-30 | 7.4 High |
| In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. | ||||
| CVE-2021-32017 | 1 Jump-technology | 1 Asset Management | 2025-05-30 | 9.9 Critical |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files. | ||||
| CVE-2021-31530 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-05-30 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. | ||||
| CVE-2021-31160 | 1 Zohocorp | 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp | 2025-05-30 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. | ||||
| CVE-2020-8422 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2025-05-30 | 4.3 Medium |
| An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). | ||||