Total
3244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13430 | 2025-03-12 | 4.3 Medium | ||
| The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. | ||||
| CVE-2025-25381 | 2025-03-12 | 7.5 High | ||
| Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows to view sensitive information such as usernames and passwords. | ||||
| CVE-2024-2281 | 1 Boyiddha | 1 Automated-mess-management-system | 2025-03-12 | 6.3 Medium |
| A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-03-12 | 8.2 High |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | ||||
| CVE-2025-24042 | 2025-03-12 | 7.3 High | ||
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-21359 | 2025-03-12 | 7.8 High | ||
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2025-21337 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 3.3 Low |
| Windows NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2025-23243 | 2025-03-11 | 6.5 Medium | ||
| NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. | ||||
| CVE-2025-23242 | 2025-03-11 | 7.3 High | ||
| NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2024-9157 | 2025-03-11 | 7.8 High | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information. | ||||
| CVE-2022-32902 | 1 Apple | 1 Macos | 2025-03-11 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | ||||
| CVE-2024-43600 | 1 Microsoft | 1 Office | 2025-03-11 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-11 | 7.3 High |
| WmsRepair Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop, Windows 10 1507, Windows 10 1607 and 14 more | 2025-03-11 | 8.4 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2024-49068 | 1 Microsoft | 1 Sharepoint Server | 2025-03-11 | 8.2 High |
| Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| CVE-2024-43594 | 1 Microsoft | 3 System Center 2019, System Center 2022, System Center 2025 | 2025-03-11 | 7.3 High |
| Microsoft System Center Elevation of Privilege Vulnerability | ||||
| CVE-2024-38164 | 1 Microsoft | 1 Groupme | 2025-03-11 | 9.6 Critical |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | ||||
| CVE-2024-38100 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-03-11 | 7.8 High |
| Windows File Explorer Elevation of Privilege Vulnerability | ||||
| CVE-2024-38061 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-03-11 | 7.5 High |
| DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | ||||
| CVE-2023-23508 | 1 Apple | 1 Macos | 2025-03-11 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences. | ||||