Total: 286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-7713 | 1 Ays-pro | 2 Ai Chatbot With Chatgpt, Chatgpt Assistant | 2025-03-18 | 7.5 High | The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it.
CVE-2024-57721 | | | 2025-03-18 | 6.5 Medium | lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add_path.
CVE-2024-57019 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-18 | 8.8 High | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg.
CVE-2024-54478 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-18 | 6.5 Medium | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-52943 | | | 2025-03-18 | 5.4 Medium | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2024-47899 | | | 2025-03-18 | 7.8 High | Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
CVE-2024-47857 | | | 2025-03-18 | 9.8 Critical | SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access.
CVE-2024-47049 | 1 Czim | 1 File-handling | 2025-03-18 | 8.2 High | The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
CVE-2024-46592 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-44552 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-18 | 6.6 Medium | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
CVE-2024-44176 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-18 | 5.5 Medium | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing an image may lead to a denial-of-service.
CVE-2024-42006 | 1 Keyfactor | 1 Aws Orchestrator | 2025-03-18 | 7.5 High | Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.
CVE-2024-41614 | 1 Symphony-cms | 1 Symphony Cms | 2025-03-18 | 4.8 Medium | symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
CVE-2024-41310 | 1 Yanzhenjie | 1 Andserver | 2025-03-18 | 7.5 High | AndServer 2.1.12 is vulnerable to Directory Traversal.
CVE-2024-40842 | 1 Apple | 1 Macos | 2025-03-18 | 5.5 Medium | An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
CVE-2024-40393 | 1 Angeljudesuarez | 1 Online Clinic Management System | 2025-03-18 | 9.8 Critical | Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.
CVE-2024-39924 | 1 Vaultwarden | 1 Vaultwarden | 2025-03-18 | 8.8 High | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.
CVE-2024-27383 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-03-18 | 6.7 Medium | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on default_ies coming from userspace, which can lead to a heap overwrite.
CVE-2024-26495 | 1 Friendica | 1 Friendica | 2025-03-18 | 6.1 Medium | Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
CVE-2024-23929 | | | 2025-03-18 | 8 High | This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telematics functionality. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.