Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40830 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | 3.3 Low |
| This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2024-40827 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to overwrite arbitrary files. | ||||
| CVE-2024-40826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-25 | 6.1 Medium |
| A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview. | ||||
| CVE-2024-40816 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to cause unexpected system shutdown. | ||||
| CVE-2024-40806 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-25 | 5.5 Medium |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination. | ||||
| CVE-2024-40801 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data. | ||||
| CVE-2024-40797 | 1 Apple | 1 Macos | 2025-03-25 | 6.1 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Visiting a malicious website may lead to user interface spoofing. | ||||
| CVE-2024-40795 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-25 | 3.3 Low |
| This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information. | ||||
| CVE-2024-40790 | 1 Apple | 1 Visionos | 2025-03-25 | 5.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory. | ||||
| CVE-2024-40785 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-25 | 6.1 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. | ||||
| CVE-2024-40715 | 1 Veeam | 1 Backup \& Replication | 2025-03-25 | N/A |
| A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability. | ||||
| CVE-2024-40598 | 1 Mediawiki | 1 Mediawiki | 2025-03-25 | 4.3 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.) | ||||
| CVE-2024-40549 | 1 Publiccms | 1 Publiccms | 2025-03-25 | 8.8 High |
| An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-40519 | 1 Seacms | 1 Seacms | 2025-03-25 | 8.8 High |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
| CVE-2024-40395 | 1 Ptc | 1 Thingworx | 2025-03-25 | 6.5 Medium |
| An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. | ||||
| CVE-2024-39838 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2025-03-25 | 8.8 High |
| ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device. | ||||
| CVE-2024-39734 | 1 Ibm | 1 Datacap | 2025-03-25 | 4.3 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. | ||||
| CVE-2024-37403 | 1 Ivanti | 1 Docs\@work | 2025-03-25 | 5.5 Medium |
| Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. | ||||
| CVE-2024-36736 | 1 Oneflow | 1 Oneflow | 2025-03-25 | 9.8 Critical |
| An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed. | ||||
| CVE-2024-36446 | 1 Mitel | 1 Mivoice Mx-one | 2025-03-25 | 8.8 High |
| The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema. | ||||