Total: 286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-25225 | | | 2025-03-19 | 6.5 Medium |
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. | ||||
CVE-2024-56347 | 1 Ibm | 1 Aix | 2025-03-19 | 9.6 Critical |
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls. | ||||
CVE-2025-27688 | | | 2025-03-19 | 7.8 High |
Dell ThinOS 2408 and prior contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | ||||
CVE-2023-47539 | 1 Fortinet | 1 Fortimail | 2025-03-19 | 9 Critical |
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. | ||||
CVE-2025-0440 | | | 2025-03-18 | 6.5 Medium |
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-8900 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Rhel Aus and 4 more | 2025-03-18 | 7.5 High |
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. | ||||
CVE-2024-6610 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-18 | 6.3 Medium |
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
CVE-2024-57768 | | | 2025-03-18 | 9.8 Critical |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key. | ||||
CVE-2024-57723 | | | 2025-03-18 | 6.5 Medium |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_source_over. | ||||
CVE-2024-57673 | | | 2025-03-18 | 5.5 Medium |
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module. | ||||
CVE-2024-57348 | | | 2025-03-18 | 6.1 Medium |
Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via a crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters. | ||||
CVE-2024-57079 | | | 2025-03-18 | 7.5 High |
A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
CVE-2024-57076 | | | 2025-03-18 | 7.5 High |
A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
CVE-2024-55456 | | | 2025-03-18 | 6.5 Medium |
lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell. | ||||
CVE-2024-54530 | | | 2025-03-18 | 9.1 Critical |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication. | ||||
CVE-2024-51122 | | | 2025-03-18 | 6.1 Medium |
Cross Site Scripting vulnerability in Zertificon Z1 SecureMail Z1 CertServer v.3.16.4-2516-debian12 allows a remote attacker to execute arbitrary code via the ST, L, O, OU, CN parameters. | ||||
CVE-2024-4094 | 1 Sharethis | 1 Simple Share Buttons Adder | 2025-03-18 | 5.4 Medium |
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
CVE-2024-48126 | | | 2025-03-18 | 9.8 Critical |
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. | ||||
CVE-2024-47891 | | | 2025-03-18 | 7.8 High |
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | ||||
CVE-2024-47222 | 1 Myoffice | 1 My Office Sdk | 2025-03-18 | 9.8 Critical |
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. |