Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28668 | 1 Dedecms | 1 Dedecms | 2025-03-13 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php | ||||
| CVE-2024-27799 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-13 | 3.3 Low |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode. | ||||
| CVE-2024-27630 | 1 Savannah | 1 Savane | 2025-03-13 | 7.5 High |
| Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. | ||||
| CVE-2024-26282 | 2025-03-13 | 7.1 High | ||
| Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123. | ||||
| CVE-2024-25864 | 1 Friendica | 1 Friendica | 2025-03-13 | 9.1 Critical |
| Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | ||||
| CVE-2024-25412 | 1 Flatpress | 1 Flatpress | 2025-03-13 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. | ||||
| CVE-2024-25300 | 1 Redaxo | 1 Redaxo | 2025-03-13 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section. | ||||
| CVE-2024-24101 | 1 Code-projects | 1 Scholars Tracking System | 2025-03-13 | 5.1 Medium |
| Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. | ||||
| CVE-2024-23277 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-03-13 | 5.9 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard. | ||||
| CVE-2024-22277 | 1 Vmware | 1 Cloud Director | 2025-03-13 | 6.4 Medium |
| VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks. | ||||
| CVE-2024-22067 | 1 Zte | 2 Nh8091, Nh8091 Firmware | 2025-03-13 | 6.8 Medium |
| ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. | ||||
| CVE-2024-22026 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | 6.7 Medium |
| A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | ||||
| CVE-2024-21255 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-03-13 | 8.8 High |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-21248 | 1 Oracle | 1 Vm Virtualbox | 2025-03-13 | 5.3 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L). | ||||
| CVE-2024-21204 | 1 Oracle | 2 Mysql, Mysql Server | 2025-03-13 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-21196 | 2 Oracle, Redhat | 3 Mysql, Mysql Server, Enterprise Linux | 2025-03-13 | 6.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-21195 | 1 Oracle | 1 Bi Publisher | 2025-03-13 | 7.6 High |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). | ||||
| CVE-2024-21103 | 1 Oracle | 1 Vm Virtualbox | 2025-03-13 | 7.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-20111 | 2 Google, Mediatek | 11 Android, Mt6765, Mt6768 and 8 more | 2025-03-13 | 6.7 Medium |
| In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue ID: MSV-1754. | ||||
| CVE-2024-20075 | 2 Google, Mediatek | 11 Android, Mt6833, Mt6853 and 8 more | 2025-03-13 | 6.7 Medium |
| In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID: MSV-1393. | ||||