Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45589 | 1 Talend | 1 Esb Runtime | 2025-03-26 | 7.2 High |
| All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. | ||||
| CVE-2022-32656 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. | ||||
| CVE-2022-32655 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. | ||||
| CVE-2022-32654 | 1 Mediatek | 60 Mt5221, Mt5221 Firmware, Mt7603 and 57 more | 2025-03-26 | 6.7 Medium |
| In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. | ||||
| CVE-2022-32643 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-03-26 | 6.4 Medium |
| In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. | ||||
| CVE-2022-32642 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-03-26 | 6.4 Medium |
| In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. | ||||
| CVE-2022-32595 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6765 and 30 more | 2025-03-26 | 4.4 Medium |
| In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. | ||||
| CVE-2020-23438 | 1 Wondershare | 1 Filmora | 2025-03-26 | 7.8 High |
| Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation. | ||||
| CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2025-03-26 | 4.3 Medium |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | ||||
| CVE-2022-45100 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 8.1 High |
| Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. | ||||
| CVE-2022-45102 | 1 Dell | 5 Dp4400, Dp4400 Firmware, Dp5900 and 2 more | 2025-03-26 | 5.4 Medium |
| Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections. | ||||
| CVE-2016-0185 | 1 Microsoft | 3 Windows 7, Windows 8.1, Windows Vista | 2025-03-26 | 7.8 High |
| Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability." | ||||
| CVE-2015-6175 | 1 Microsoft | 1 Windows 10 1507 | 2025-03-26 | 7.8 High |
| The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability." | ||||
| CVE-2023-22574 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 8.1 High |
| Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | ||||
| CVE-2015-2502 | 1 Microsoft | 9 Internet Explorer, Windows 10 1507, Windows 7 and 6 more | 2025-03-26 | 8.8 High |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015. | ||||
| CVE-2015-1701 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2025-03-26 | 7.8 High |
| Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2014-8361 | 3 Aterm, Dlink, Realtek | 51 W1200ex, W1200ex-ms, W1200ex-ms Firmware and 48 more | 2025-03-26 | 9.8 Critical |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | ||||
| CVE-2024-1249 | 1 Redhat | 15 Amq Broker, Amq Streams, Build Keycloak and 12 more | 2025-03-26 | 7.4 High |
| A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages. | ||||
| CVE-2025-2562 | 2025-03-26 | 5.4 Medium | ||
| Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | ||||
| CVE-2025-2528 | 2025-03-26 | 3.6 Low | ||
| Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | ||||