Total
32389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3748 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | 6.5 Medium |
| The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user | ||||
| CVE-2024-3749 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2025-05-15 | 6.5 Medium |
| The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controllers and allows a logged in user to view and download files belonging to another user | ||||
| CVE-2024-1204 | 1 Metabox | 1 Meta Box | 2025-05-15 | 4.3 Medium |
| The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. | ||||
| CVE-2022-42142 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-14 | 7.2 High |
| Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. | ||||
| CVE-2022-41588 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. | ||||
| CVE-2022-41586 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-41471 | 1 74cms | 1 74cmsse | 2025-05-14 | 6.5 Medium |
| 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. | ||||
| CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | ||||
| CVE-2023-52030 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-14 | 9.8 Critical |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. | ||||
| CVE-2022-41589 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. | ||||
| CVE-2022-41582 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability. | ||||
| CVE-2022-41581 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 9.1 Critical |
| The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | ||||
| CVE-2022-41576 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.8 High |
| The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | ||||
| CVE-2022-28762 | 1 Zoom | 1 Meetings | 2025-05-14 | 7.3 High |
| Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | ||||
| CVE-2024-13117 | 1 Artlosk | 1 Share Buttons | 2025-05-13 | 6.5 Medium |
| The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded | ||||
| CVE-2025-20953 | 1 Samsung | 1 Android | 2025-05-13 | 5.1 Medium |
| Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. | ||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | 8.8 High |
| GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | ||||
| CVE-2024-21090 | 1 Oracle | 2 Mysql Connector\/python, Mysql Connectors | 2025-05-13 | 7.5 High |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2025-24899 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | 7.5 High |
| reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-24968 | 1 Yogeshojha | 1 Rengine | 2025-05-13 | 8.8 High |
| reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | ||||