CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-32143 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 4.3 Medium |
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | ||||
CVE-2024-34811 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.5.1. | ||||
CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 7.5 High |
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | ||||
CVE-2024-33928 | 1 Codebard | 1 Codebard's Patron Button And Widgets For Patreon | 2025-03-19 | 7.1 High |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS. This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0. | ||||
CVE-2025-30144 | | | 2025-03-19 | 6.5 Medium |
fast-jwt provides a fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not validate the iss claim as RFC 7519 requires: its iss (issuer) validation accepts an array of strings as a valid iss value. This design flaw enables an attack in which a malicious actor crafts a JWT with an iss claim structured as ['https://attacker-domain/', 'https://valid-iss']. Because of the permissive validation, the JWT is deemed valid. Furthermore, if the application relies on external libraries like get-jwks that do not independently validate the iss claim, the attacker can leverage this vulnerability to forge a JWT that will be accepted by the victim application. Essentially, the attacker can insert their own domain into the iss array, alongside the legitimate issuer, and bypass the intended security checks. This issue is fixed in 5.0.6. | ||||
CVE-2025-26486 | | | 2025-03-19 | 6.0 Medium |
Use of a Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, and Use of a One-Way Hash with a Predictable Salt vulnerability in Beta80 Life 1st allows an attacker to brute-force user passwords or find a collision and so gain access to a target application that uses the Beta80 "Life 1st Identity Manager" as its authentication service. This issue affects Life 1st: 1.5.2.14234. | ||||
CVE-2025-30152 | | | 2025-03-19 | 6.5 Medium |
The Sylius PayPal Plugin is the Sylius Core Team's plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, users can modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal transaction from a product page or the cart page and then returns to the order summary page, they can still manipulate the cart contents before finalizing the order. As a result, the order amount in Sylius may be higher than the amount actually captured by PayPal, so merchants may deliver products or services without full payment. The issue is fixed in versions 1.6.2, 1.7.2, 2.0.2 and above. | ||||
CVE-2025-30153 | | | 2025-03-19 | 7.5 High |
kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request against a multipart/form-data schema that permits it, an attacker can upload a crafted ZIP file (e.g., a ZIP bomb), causing the server to consume all available system memory. The root cause is the ZipFileBodyDecoder, which the module registers automatically (contrary to what the documentation says). This vulnerability is fixed in 0.131.0. | ||||
CVE-2025-29926 | | | 2025-03-19 | N/A |
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki in which they become an administrator, and from there perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module. | ||||
CVE-2024-25132 | | | 2025-03-19 | 4.3 Medium |
A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment’s status section, resulting in a denial of service. | ||||
CVE-2025-24124 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-19 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. | ||||
CVE-2025-24102 | | | 2025-03-19 | 9.8 Critical |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current location. | ||||
CVE-2025-20636 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2025-03-19 | 6.7 Medium |
In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431. | ||||
CVE-2024-9403 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-03-19 | 7.3 High |
Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. | ||||
CVE-2024-8394 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-03-19 | 6.5 Medium |
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. | ||||
CVE-2024-57162 | 1 Campcodes | 1 Cybercafe Management System | 2025-03-19 | 7.2 High |
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. | ||||
CVE-2024-54658 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-03-19 | 6.5 Medium |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. | ||||
CVE-2024-50656 | 1 Angeljudesuarez | 1 Placement Management System | 2025-03-19 | 6.1 Medium |
itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. | ||||
CVE-2024-47803 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-03-19 | 4.3 Medium |
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. | ||||
CVE-2024-47487 | 1 Hikvision | 1 Hikcentral Professional | 2025-03-19 | 8.8 High |
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. |
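The fast-jwt entry (CVE-2025-30144) above describes an `iss` check that tolerates arrays. The following is an added example, not code from fast-jwt or get-jwks, that shows the permissive check beside the strict one RFC 7519 calls for, and a constructed model of a key resolver that derives its JWKS source from `iss` without validating it. The function names, the tokens and the allow-list are all assumptions made for this illustration; the signature segment is a placeholder because the point is the claim check that runs after signature verification.

```javascript
// Added example (not fast-jwt's or get-jwks's code): permissive vs. strict
// `iss` validation. All names and tokens below are constructed.

// base64url-encode a JSON value for a JWT segment.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build a compact JWS header.payload.signature with a dummy signature:
// the scenario assumes the attacker can obtain an acceptable signature
// (e.g. because key lookup is driven by `iss`), so the claim check is what matters.
function makeToken(payload) {
  return `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}.sig`;
}

// Decode the payload segment. Node's base64 decoder accepts the URL-safe
// alphabet and missing padding, so no manual conversion is needed.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Vulnerable pattern: an array `iss` is read as "issued by any of these",
// so the check passes as soon as one element is on the allow-list.
function permissiveIssuerCheck(payload, allowedIssuers) {
  const claimed = Array.isArray(payload.iss) ? payload.iss : [payload.iss];
  return claimed.some((v) => allowedIssuers.includes(v));
}

// Hardened: RFC 7519 section 4.1.1 defines `iss` as a single StringOrURI.
// Anything that is not a string (array, object, number) is rejected outright,
// and the string must match an allowed issuer exactly.
function strictIssuerCheck(payload, allowedIssuers) {
  return typeof payload.iss === 'string' && allowedIssuers.includes(payload.iss);
}

// Constructed model of a downstream key resolver that trusts `iss` to pick
// the JWKS host. Given an array, a naive first-element pick (or String()
// coercion) lands on the attacker's domain. Not get-jwks's code.
function issuerHostForKeyLookup(payload) {
  const iss = Array.isArray(payload.iss) ? payload.iss[0] : payload.iss;
  return new URL(iss).host;
}

const ALLOWED_ISSUERS = ['https://valid-iss']; // assumed allow-list

// Constructed tokens: a legitimate one and the forged array-`iss` one.
const legitToken = makeToken({ iss: 'https://valid-iss', sub: 'alice' });
const forgedToken = makeToken({
  iss: ['https://attacker-domain/', 'https://valid-iss'],
  sub: 'alice',
});

// Run both checks and the key-lookup model over a token.
function evaluate(token) {
  const payload = decodePayload(token);
  return {
    permissive: permissiveIssuerCheck(payload, ALLOWED_ISSUERS),
    strict: strictIssuerCheck(payload, ALLOWED_ISSUERS),
    keyLookupHost: issuerHostForKeyLookup(payload),
  };
}

console.log('legit ', evaluate(legitToken));
console.log('forged', evaluate(forgedToken));
```

For the forged token the permissive check passes while the key-lookup model resolves to the attacker's host, which is exactly the combination the advisory describes; the strict check rejects it because `iss` is not a string. When auditing a JWT stack, check the type of every claim you compare against an allow-list, not just its value.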
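The Sylius PayPal Plugin entry (CVE-2025-30152) above describes a cart that can still change after PayPal has authorized a specific amount. The following is an added example, not code from Sylius or its PayPal plugin, that models that checkout flow: an unchecked finalization that ships the current cart against the earlier authorization, and a guarded one that reconciles the two. The class, method and SKU names are constructed; the content fingerprint goes beyond the page's scenario in that it also catches a same-total substitution of goods, not only a total that has grown.

```javascript
// Added example (not Sylius's or its PayPal plugin's code): a checkout that
// authorises one cart total and then lets the cart change, beside a
// finalisation guard that reconciles cart and authorisation. Names are constructed.

class Checkout {
  constructor() {
    this.items = [];           // { sku, unitPrice (minor units), qty }
    this.authorization = null; // { amount, cartFingerprint } once authorised
  }

  addItem(sku, unitPrice, qty) {
    this.items.push({ sku, unitPrice, qty });
  }

  cartTotal() {
    return this.items.reduce((sum, it) => sum + it.unitPrice * it.qty, 0);
  }

  // Order-independent summary of the cart contents at authorisation time.
  cartFingerprint() {
    const sorted = [...this.items].sort((a, b) => a.sku.localeCompare(b.sku));
    return JSON.stringify(sorted);
  }

  // Stand-in for PayPal Checkout approval: the gateway will later capture
  // exactly this amount, whatever the cart looks like by then.
  authorizePayment() {
    this.authorization = { amount: this.cartTotal(), cartFingerprint: this.cartFingerprint() };
    return this.authorization.amount;
  }

  // Vulnerable behaviour: an existing authorisation is taken at face value, so
  // the order is placed for the current cart while only the old amount is captured.
  finalizeUnchecked() {
    if (!this.authorization) throw new Error('no payment authorised');
    return { orderTotal: this.cartTotal(), captured: this.authorization.amount };
  }

  // Hardened: any change since authorisation (total or contents) voids the
  // authorisation; the buyer must approve the payment again before ordering.
  finalizeChecked() {
    if (!this.authorization) throw new Error('no payment authorised');
    const { amount, cartFingerprint } = this.authorization;
    const total = this.cartTotal();
    if (total !== amount || this.cartFingerprint() !== cartFingerprint) {
      this.authorization = null;
      throw new Error(`cart changed after authorisation: authorised ${amount}, cart now ${total}`);
    }
    return { orderTotal: total, captured: amount };
  }
}

// The reported scenario: authorise, go back to the summary page and add to the
// cart, then finalise. Returns the result, or the rejection message.
function underpaymentScenario(finalize) {
  const checkout = new Checkout();
  checkout.addItem('BOOK-1', 10000, 1);      // 100.00
  checkout.authorizePayment();               // gateway approves 100.00
  checkout.addItem('HEADPHONES-2', 5000, 1); // cart grows after approval
  try {
    return finalize(checkout);
  } catch (err) {
    return { rejected: err.message };
  }
}

// Beyond the page's scenario: swap the goods for something else of the same
// price. The total matches, so only the fingerprint catches it.
function substitutionScenario(finalize) {
  const checkout = new Checkout();
  checkout.addItem('BOOK-1', 10000, 1);
  checkout.authorizePayment();
  checkout.items = [{ sku: 'GIFTCARD-3', unitPrice: 10000, qty: 1 }];
  try {
    return finalize(checkout);
  } catch (err) {
    return { rejected: err.message };
  }
}

console.log('underpayment, unchecked:', underpaymentScenario((c) => c.finalizeUnchecked()));
console.log('underpayment, checked:  ', underpaymentScenario((c) => c.finalizeChecked()));
console.log('substitution, checked:  ', substitutionScenario((c) => c.finalizeChecked()));
```

The unchecked path returns an order of 150.00 against a capture of 100.00, the gap the advisory describes; the checked path refuses to place the order and drops the stale authorization so the buyer has to approve the new amount. Where the gateway supports it, comparing against the amount the gateway itself reports for the authorization, rather than a locally stored copy, removes one more place the two can drift apart.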