Total: 286780 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41250 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2025-03-14 | 5.3 Medium |
An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | ||||
CVE-2024-41143 | 1 Skygroup | 1 Skysea Client View | 2025-03-14 | 7.8 High |
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed. | ||||
CVE-2024-40865 | 1 Apple | 1 Visionos | 2025-03-14 | 5.3 Medium |
The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona. | ||||
CVE-2024-40834 | 1 Apple | 1 Macos | 2025-03-14 | 4.4 Medium |
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensitive Shortcuts app settings. | ||||
CVE-2024-40817 | 1 Apple | 2 Macos, Safari | 2025-03-14 | 6.1 Medium |
The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content may lead to UI spoofing. | ||||
CVE-2024-40793 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-14 | 5.5 Medium |
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data. | ||||
CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2025-03-14 | 9.8 Critical |
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access. | ||||
CVE-2024-39118 | 1 Mommyheather | 1 Advanced Backups | 2025-03-14 | 5.5 Medium |
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files by restoring a crafted backup. | ||||
CVE-2024-38313 | 1 Mozilla | 1 Firefox | 2025-03-14 | 4.3 Medium |
In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127. | ||||
CVE-2024-37671 | 1 Tessi | 1 Docubase | 2025-03-14 | 5.4 Medium |
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter. | ||||
CVE-2024-37471 | 1 Xtendify | 1 Woffice | 2025-03-14 | 7.1 High |
Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This issue affects Woffice Core: from n/a through 5.4.8. | ||||
CVE-2024-37407 | 1 Libarchive | 1 Libarchive | 2025-03-14 | 9.1 Critical |
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c. | ||||
CVE-2024-37034 | 1 Couchbase | 1 Couchbase Server | 2025-03-14 | 5.9 Medium |
An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 before 7.6.1. It does not ensure that credentials are negotiated with the Key-Value (KV) service using SCRAM-SHA when remote link encryption is configured for Half-Secure. | ||||
CVE-2024-35422 | 1 Vmir | 1 Vmir | 2025-03-14 | 7.8 High |
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c. | ||||
CVE-2024-34329 | 1 Entrust | 1 Datacard Xps Card Printer Driver | 2025-03-14 | 8.4 High |
Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. | ||||
CVE-2024-33209 | 1 Flatpress | 1 Flatpress | 2025-03-14 | 5.4 Medium |
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser. | ||||
CVE-2024-32928 | 2 Google, Haxx | 3 Nest Mini, Nest Mini Firmware, Libcurl | 2025-03-14 | 5.9 Medium |
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | ||||
CVE-2024-31327 | 1 Google | 1 Android | 2025-03-14 | 5.3 Medium |
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-30804 | 1 Asus | 1 Fan Xpert | 2025-03-14 | 9.8 Critical |
An issue was discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 that allows an attacker to execute arbitrary code via crafted IOCTL requests. | ||||
CVE-2024-2615 | 1 Mozilla | 1 Firefox | 2025-03-14 | 9.8 Critical |
Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. | ||||