Total
31401 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0431 | 2 Oracle, Redhat | 4 Jre, Openjdk, Enterprise Linux and 1 more | 2025-03-13 | 5.3 Medium |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||||
| CVE-2024-23244 | 1 Apple | 1 Macos | 2025-03-13 | 6.7 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to escalate privilege after admin user login. | ||||
| CVE-2025-24151 | 1 Apple | 1 Macos | 2025-03-13 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2024-54504 | 1 Apple | 1 Macos | 2025-03-13 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-45203 | 1 Istyle | 1 \@cosme | 2025-03-13 | 4.3 Medium |
| Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2024-40836 | 1 Apple | 5 Ipad Os, Ipados, Iphone Os and 2 more | 2025-03-13 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. A shortcut may be able to use sensitive data with certain actions without prompting the user. | ||||
| CVE-2024-40809 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-13 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. | ||||
| CVE-2024-27712 | 1 Eskooly | 1 Eskooly | 2025-03-13 | 9.8 Critical |
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. | ||||
| CVE-2024-22105 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-13 | 5.5 Medium |
| Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error. | ||||
| CVE-2024-21188 | 1 Oracle | 1 Financial Services Revenue Management And Billing | 2025-03-13 | 6.1 Medium |
| Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 6.0.0.0.0 and 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-20929 | 1 Oracle | 1 Application Object Library | 2025-03-13 | 6.5 Medium |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2024-10474 | 1 Mozilla | 2 Firefox Focus, Focus For Ios | 2025-03-13 | 9.1 Critical |
| Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132. | ||||
| CVE-2023-51776 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-13 | 7.8 High |
| Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
| CVE-2023-42936 | 1 Apple | 8 Ipados, Iphone Os, Macos and 5 more | 2025-03-13 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access user-sensitive data. | ||||
| CVE-2023-24108 | 1 Zetacomponenets | 1 Mvctools | 2025-03-13 | 9.8 Critical |
| MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | ||||
| CVE-2023-24107 | 1 Hour Of Code Python 2015 Project | 1 Hour Of Code Python 2015 | 2025-03-13 | 9.8 Critical |
| hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | ||||
| CVE-2022-36231 | 1 Newspaperclub | 1 Pdf Info | 2025-03-13 | 9.8 Critical |
| pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. | ||||
| CVE-2024-27824 | 1 Apple | 1 Macos | 2025-03-13 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.5. An app may be able to elevate privileges. | ||||
| CVE-2024-31316 | 1 Google | 1 Android | 2025-03-13 | 7.8 High |
| In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-4966 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-03-13 | 9.4 Critical |
| Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | ||||