Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-27844 | 1 Apple | 3 Macos, Safari, Visionos | 2025-03-13 | 9.1 Critical |
The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the site. | ||||
CVE-2023-52358 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 6.2 Medium |
Vulnerability of configuration defects in some APIs of the audio module. Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2023-52097 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2025-2190 | | | 2025-03-13 | 8.1 High |
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. | ||||
CVE-2025-27604 | 1 Xwiki | 1 Confluence Migrator | 2025-03-13 | 7.5 High |
XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7. | ||||
CVE-2023-28018 | 1 Hcltech | 1 Connections | 2025-03-13 | 5.5 Medium |
HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users. | ||||
CVE-2024-20997 | 1 Oracle | 1 Hospitality Simphony | 2025-03-13 | 9.9 Critical |
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
CVE-2024-32358 | 1 Jpress | 1 Jpress | 2025-03-13 | 7.5 High |
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. | ||||
CVE-2024-6457 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-13 | 9.8 Critical |
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2025-25900 | | | 2025-03-13 | 4.9 Medium |
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
CVE-2025-24500 | | | 2025-03-13 | N/A |
The vulnerability allows an unauthenticated attacker to access information in PAM database. | ||||
CVE-2025-23058 | | | 2025-03-13 | 8.8 High |
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges. | ||||
CVE-2025-23055 | | | 2025-03-13 | 5.5 Medium |
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface. | ||||
CVE-2025-22221 | | | 2025-03-13 | 5.2 Medium |
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | ||||
CVE-2024-6996 | 1 Google | 1 Chrome | 2025-03-13 | 3.1 Low |
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-5802 | 1 Mythemeshop | 1 Url Shortener | 2025-03-13 | 6.1 Medium |
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | ||||
CVE-2024-57432 | | | 2025-03-13 | 7.5 High |
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible to forge the JWT of any user to achieve authentication bypass. | ||||
CVE-2024-57159 | | | 2025-03-13 | 3.5 Low |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. | ||||
CVE-2024-56527 | | | 2025-03-13 | 7.5 High |
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | ||||
CVE-2024-54475 | 1 Apple | 1 Macos | 2025-03-13 | 3.3 Low |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a user’s current location. |