Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-3832 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-14 | 8.8 High |
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-3475 | | | 2025-03-14 | 7.5 High |
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks | ||||
CVE-2024-38465 | 1 Guoxinled | 1 Synthesis Image System | 2025-03-14 | 4 Medium |
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. | ||||
CVE-2024-34314 | 1 Cmseasy | 1 Cmseasy | 2025-03-14 | 7.5 High |
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | ||||
CVE-2024-33767 | | | 2025-03-14 | 5 Medium |
lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. | ||||
CVE-2024-2441 | | | 2025-03-14 | 8.1 High |
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above to bypass authorization and access settings of the plugin that they shouldn't be allowed to access. | ||||
CVE-2024-2301 | | | 2025-03-14 | 7.6 High |
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. | ||||
CVE-2024-27570 | 1 Libtor | 4 Lbt-t300, Lbt-t300 Firmware, Lbt-t390 and 1 more | 2025-03-14 | 7.5 High |
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | 5.5 Medium |
Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | ||||
CVE-2024-1898 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | 3.9 Low |
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. | ||||
CVE-2023-42942 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2025-03-14 | 7.8 High |
This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges. | ||||
CVE-2022-41324 | | | 2025-03-14 | 6.5 Medium |
Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. | ||||
CVE-2025-1266 | | | 2025-03-13 | N/A |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-4005 | 1 Labschool | 1 Social Pixel | 2025-03-13 | 5.4 Medium |
The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2024-3971 | 1 Davidjmiller | 1 Similarity | 2025-03-13 | 5.4 Medium |
The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack | ||||
CVE-2024-2313 | 1 Redhat | 1 Enterprise Linux | 2025-03-13 | 2.8 Low |
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | ||||
CVE-2024-23287 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-13 | 6.5 Medium |
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data. | ||||
CVE-2024-22718 | | | 2025-03-13 | 9.6 Critical |
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. | ||||
CVE-2023-46810 | 1 Ivanti | 1 Secure Access Client | 2025-03-13 | N/A |
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root. | ||||
CVE-2023-32873 | 2 Google, Mediatek | 25 Android, Mt6761, Mt6765 and 22 more | 2025-03-13 | 6.4 Medium |
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919; Issue ID: ALPS08304227. |