Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45351 | 2025-03-26 | 7.8 High | ||
| A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | ||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
| CVE-2024-37118 | 1 Uncannyowl | 1 Uncanny Automator | 2025-03-26 | 5.4 Medium |
| Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through 5.3. | ||||
| CVE-2024-33305 | 2025-03-26 | 6.1 Medium | ||
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | ||||
| CVE-2024-27793 | 1 Apple | 1 Itunes | 2025-03-26 | 6.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-25413 | 2 Firebear Studio, Firebearstudio | 2 Improved Import And Export, Improved Import \& Export | 2025-03-26 | 9.1 Critical |
| A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. | ||||
| CVE-2024-21161 | 1 Oracle | 1 Vm Virtualbox | 2025-03-26 | 5.5 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-21031 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-03-26 | 6.1 Medium |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2023-24202 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. | ||||
| CVE-2023-24201 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. | ||||
| CVE-2023-24200 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. | ||||
| CVE-2023-24199 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. | ||||
| CVE-2023-24198 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | 9.8 Critical |
| Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. | ||||
| CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2025-03-26 | 8.4 High |
| VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | ||||
| CVE-2023-20614 | 2 Google, Mediatek | 38 Android, Mt6739, Mt6761 and 35 more | 2025-03-26 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615. | ||||
| CVE-2023-20613 | 2 Google, Mediatek | 37 Android, Mt6739, Mt6761 and 34 more | 2025-03-26 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. | ||||
| CVE-2023-20612 | 2 Google, Mediatek | 37 Android, Mt6739, Mt6761 and 34 more | 2025-03-26 | 6.7 Medium |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. | ||||
| CVE-2025-2167 | 2025-03-26 | 5.4 Medium | ||
| The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-20611 | 2 Google, Mediatek | 39 Android, Mt6580, Mt6731 and 36 more | 2025-03-26 | 6.4 Medium |
| In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. | ||||
| CVE-2023-20610 | 2 Google, Mediatek | 23 Android, Mt6761, Mt6765 and 20 more | 2025-03-26 | 6.4 Medium |
| In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. | ||||