Total: 286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6512 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | 6.5 Medium |
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users who hold approval permissions to approve their own PAM access requests, bypassing the intended separation between requester and approver. | ||||
CVE-2024-6230 | | | 2025-03-14 | 6.5 Medium |
The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have a CSRF check in place when resetting its form fields, which could allow attackers to make a logged-in admin perform that action via a CSRF attack. | ||||
CVE-2024-5003 | 1 Jankarres | 1 Wp Stacker | 2025-03-14 | 5.4 Medium |
The WP Stacker WordPress plugin through 1.8.5 does not have CSRF checks in some places and is missing both sanitisation and escaping, which could allow attackers to make a logged-in admin add stored XSS payloads via a CSRF attack. | ||||
CVE-2024-57720 | | | 2025-03-14 | 6.5 Medium |
lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend. | ||||
CVE-2024-57099 | | | 2025-03-14 | 9.8 Critical |
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. | ||||
CVE-2024-57012 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-03-14 | 8.8 High |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | ||||
CVE-2024-55957 | | | 2025-03-14 | 7.8 High |
In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. | ||||
CVE-2024-54468 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-14 | 8.2 High |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to break out of its sandbox. | ||||
CVE-2024-49209 | 1 Archerirm | 1 Archer | 2025-03-14 | 6.5 Medium |
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons. | ||||
CVE-2024-49208 | 1 Archerirm | 1 Archer | 2025-03-14 | 5.9 Medium |
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons. | ||||
CVE-2024-47900 | | | 2025-03-14 | 7.8 High |
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. | ||||
CVE-2024-47804 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-03-14 | 4.3 Medium |
If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fails, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory and only deletes it from disk, allowing attackers with Item/Configure permission to save the item and persist it, effectively bypassing the item creation restriction. | ||||
CVE-2024-46584 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46560 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-14 | 7.5 High |
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2024-46258 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-14 | 7.8 High |
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. | ||||
CVE-2024-44930 | 2 Serilog, Serilog-contrib | 2 Serilog, Serilog-enrichers-clientinfo | 2025-03-14 | 6.5 Medium |
Serilog.Enrichers.ClientInfo (the Serilog client-info enricher) before v2.1.0 was discovered to contain a client IP spoofing vulnerability: because the enricher trusts the X-Forwarded-For and Client-Ip request headers, attackers can falsify the IP address recorded in logs by supplying an arbitrary IP in either header when making HTTP requests. | ||||
CVE-2024-44682 | 1 Shopxo | 1 Shopxo | 2025-03-14 | 6.1 Medium |
ShopXO 6.2 is vulnerable to cross-site scripting (XSS) in the backend: attackers can inject script that executes in an administrator's browser by changing POST parameters. | ||||
CVE-2024-44187 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-03-14 | 6.5 Medium |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
CVE-2024-42222 | 1 Apache | 1 Cloudstack | 2025-03-14 | 4.3 Medium |
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access to network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack who are considering an upgrade can skip 4.19.1.0 and upgrade directly to 4.19.1.1. | ||||
CVE-2024-41591 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-03-14 | 6.1 Medium |
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. |
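The TOTOLINK entry above (CVE-2024-57012) is the typical router-CGI pattern: a request parameter such as "week" is concatenated into a shell command. The following is an added example, not TOTOLINK firmware code, showing why that fails and what the check should look like. The command it builds (a harmless `echo`) and the format of the "week" value (a comma-separated list of day-of-week digits) are assumptions made for the demonstration; the real command on the device is not known from the advisory.

```python
"""Added example (not TOTOLINK code): OS command injection through a
scheduler "week" parameter, beside the allowlist-and-argv fix.

Assumptions: the handler builds a shell command from the parameter (here a
harmless `echo`), and a valid "week" is a comma-separated list of digits 0-6.
"""
import re
import subprocess

# Constructed inputs: a benign day-of-week mask and one carrying an injected command.
BENIGN_WEEK = "0,1,2"
INJECTED_WEEK = "0,1,2; echo INJECTED"

# Allowlist: digits 0-6 separated by commas, nothing else (no spaces, no metacharacters).
WEEK_RE = re.compile(r"^[0-6](,[0-6]){0,6}$")


def build_cmd_vulnerable(week: str) -> str:
    """String concatenation: whatever is in `week` will be parsed by the shell."""
    return f"echo schedule-week={week}"


def run_vulnerable(week: str) -> str:
    """Hands the concatenated string to sh -c, as a naive CGI handler would.
    Returns the shell's stdout so the injected command's output is visible."""
    out = subprocess.run(["sh", "-c", build_cmd_vulnerable(week)],
                         capture_output=True, text=True, check=False)
    return out.stdout


def is_valid_week(week: str) -> bool:
    """True only for a well-formed day-of-week list."""
    return WEEK_RE.fullmatch(week) is not None


def run_hardened(week: str) -> str:
    """Validate against the allowlist first, then pass the value as its own
    argv element so no shell ever parses it."""
    if not is_valid_week(week):
        raise ValueError(f"invalid week parameter: {week!r}")
    out = subprocess.run(["echo", f"schedule-week={week}"],
                         capture_output=True, text=True, check=False)
    return out.stdout


if __name__ == "__main__":
    print(run_vulnerable(BENIGN_WEEK).rstrip())    # schedule-week=0,1,2
    print(run_vulnerable(INJECTED_WEEK).rstrip())  # second line: INJECTED
    try:
        run_hardened(INJECTED_WEEK)
    except ValueError as e:
        print("rejected:", e)
```

The allowlist does the real work: once the value is known to contain only digits and commas, there is nothing left for a shell to misinterpret, and using an argv list instead of `sh -c` removes the shell from the path anyway. Escaping with `shlex.quote` would also stop this particular payload, but a strict format check is easier to reason about for a parameter whose valid values are this narrow.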
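The Serilog enricher entry above (CVE-2024-44930) is the general X-Forwarded-For problem: any client can put an arbitrary address in the header, so the left-most (or only) entry is never trustworthy on its own. The following is an added example, not Serilog or serilog-contrib code, contrasting the spoofable lookup with a trusted-proxy walk. The proxy address ranges in TRUSTED_PROXIES and the sample headers are constructed for the demonstration; a Client-Ip header is not consulted at all, which is the correct treatment for a header no proxy of ours sets.

```python
"""Added example (not Serilog's code): resolving a client IP from
X-Forwarded-For without letting the client choose the value.

Assumption: the application sits behind reverse proxies we operate, whose
addresses fall in TRUSTED_PROXIES (a constructed list). Each of those proxies
appends the address of the peer it accepted the connection from.
"""
import ipaddress
from typing import Dict, List, Optional, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed: the networks our own proxies live in.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.1/32"),
]


def _parse(addr: str) -> Optional[IPAddr]:
    """Parse an address string, returning None for anything that is not an IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None


def _is_trusted(addr: str) -> bool:
    ip = _parse(addr)
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)


def client_ip_naive(headers: Dict[str, str], remote_addr: str) -> str:
    """The spoofable approach: believe the header, left-most entry first."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_trusted(headers: Dict[str, str], remote_addr: str) -> str:
    """Walk the chain from the right (the hop nearest to us) and report the
    first address that is not one of our proxies. If the TCP peer itself is
    not a trusted proxy, the header is ignored: nobody we trust wrote it."""
    if not _is_trusted(remote_addr):
        return remote_addr
    xff = headers.get("X-Forwarded-For", "")
    hops: List[str] = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: trust nothing to the left of it
        if not any(ip in net for net in TRUSTED_PROXIES):
            return str(ip)
    return remote_addr  # every hop was ours; fall back to the peer address


if __name__ == "__main__":
    # Constructed request: the client sent a forged header, our proxy at
    # 10.0.0.1 appended the real peer address 198.51.100.7.
    forged = {"X-Forwarded-For": "1.2.3.4, 198.51.100.7"}
    print("naive  :", client_ip_naive(forged, "10.0.0.1"))    # 1.2.3.4
    print("trusted:", client_ip_trusted(forged, "10.0.0.1"))  # 198.51.100.7
```

The rule the hardened version encodes is that only entries appended by infrastructure we control are evidence; everything to the left of the right-most untrusted hop was supplied by the client and is treated as opaque. The same walk is what log enrichers, rate limiters and IP allowlists all need, and it is only as good as the TRUSTED_PROXIES list, so that list has to be maintained with the proxy fleet.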