Total
35128 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21344 | 7 Apache, Debian, Fedoraproject and 4 more | 23 Activemq, Jmeter, Debian Linux and 20 more | 2025-05-23 | 5.3 Medium |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | ||||
| CVE-2021-21343 | 7 Apache, Debian, Fedoraproject and 4 more | 21 Activemq, Jmeter, Debian Linux and 18 more | 2025-05-23 | 5.3 Medium |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | ||||
| CVE-2021-21351 | 7 Apache, Debian, Fedoraproject and 4 more | 22 Activemq, Jmeter, Debian Linux and 19 more | 2025-05-23 | 5.4 Medium |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | ||||
| CVE-2025-24805 | 1 Opensecurity | 1 Mobile Security Framework | 2025-05-23 | 5.5 Medium |
| Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-24539 | 1 Fusionpbx | 1 Fusionpbx | 2025-05-23 | 5.3 Medium |
| FusionPBX before 5.2.0 does not validate a session. | ||||
| CVE-2022-35257 | 1 Ui | 1 Desktop | 2025-05-22 | 7.8 High |
| A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. | ||||
| CVE-2022-30121 | 1 Ivanti | 1 Endpoint Manager | 2025-05-22 | 6.7 Medium |
| The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system. | ||||
| CVE-2022-32816 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-05-22 | 6.5 Medium |
| The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
| CVE-2022-32815 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app with root privileges may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32797 | 1 Apple | 2 Mac Os X, Macos | 2025-05-22 | 7.1 High |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. | ||||
| CVE-2022-32790 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2025-05-22 | 7.5 High |
| This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6, Security Update 2022-004 Catalina. A remote user may be able to cause a denial-of-service. | ||||
| CVE-2022-32789 | 1 Apple | 1 Macos | 2025-05-22 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-32786 | 1 Apple | 2 Mac Os X, Macos | 2025-05-22 | 5.5 Medium |
| An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system. | ||||
| CVE-2022-32783 | 1 Apple | 1 Macos | 2025-05-22 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth. | ||||
| CVE-2023-35622 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-05-22 | 7.5 High |
| Windows DNS Spoofing Vulnerability | ||||
| CVE-2022-32818 | 1 Apple | 1 Macos | 2025-05-22 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | ||||
| CVE-2022-31679 | 1 Vmware | 1 Spring Data Rest | 2025-05-22 | 3.7 Low |
| Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. | ||||
| CVE-2022-23952 | 1 Keylime | 1 Keylime | 2025-05-22 | 7.5 High |
| In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | ||||
| CVE-2021-39983 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 7.5 High |
| The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | ||||
| CVE-2021-37133 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2025-05-22 | 7.5 High |
| There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | ||||