Total
32389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3900 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load. | ||||
| CVE-2023-3484 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 8 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations. | ||||
| CVE-2023-3443 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. | ||||
| CVE-2023-3413 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | ||||
| CVE-2023-3102 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 5.3 Medium |
| A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR. | ||||
| CVE-2023-1210 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | ||||
| CVE-2023-0989 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. | ||||
| CVE-2022-4343 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. | ||||
| CVE-2025-20957 | 1 Samsung | 1 Android | 2025-05-21 | 7.3 High |
| Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. | ||||
| CVE-2025-20958 | 1 Samsung | 1 Android | 2025-05-21 | 4.4 Medium |
| Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. | ||||
| CVE-2025-20960 | 1 Samsung | 1 Android | 2025-05-21 | 4 Medium |
| Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. | ||||
| CVE-2025-20961 | 1 Samsung | 1 Android | 2025-05-21 | 5.5 Medium |
| Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2025-20962 | 1 Samsung | 1 Android | 2025-05-21 | 4 Medium |
| Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. | ||||
| CVE-2024-21085 | 4 Debian, Netapp, Oracle and 1 more | 16 Debian Linux, Active Iq Unified Manager, Data Infrastructure Insights Acquisition Unit and 13 more | 2025-05-21 | 3.7 Low |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2025-30723 | 1 Oracle | 1 Bi Publisher | 2025-05-21 | 5.4 Medium |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). | ||||
| CVE-2022-41571 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-05-21 | 9.8 Critical |
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | ||||
| CVE-2022-41347 | 1 Zimbra | 1 Collaboration | 2025-05-21 | 7.8 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | ||||
| CVE-2022-3053 | 3 Apple, Fedoraproject, Google | 3 Macos, Fedora, Chrome | 2025-05-21 | 4.3 Medium |
| Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | ||||
| CVE-2024-3050 | 1 Geminilabs | 1 Site Reviews | 2025-05-21 | 9.1 Critical |
| The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking | ||||
| CVE-2022-39835 | 1 Gajim | 1 Gajim | 2025-05-21 | 5.3 Medium |
| An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0. | ||||