Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27807 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging. | ||||
| CVE-2024-25660 | 1 Infinera | 1 Tnms | 2025-03-25 | 9 Critical |
| The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. | ||||
| CVE-2024-25270 | 1 Mirapolis | 1 Lms | 2025-03-25 | 4.3 Medium |
| An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | ||||
| CVE-2024-24051 | 1 Monoprice | 2 Select Mini 3d Printer V2, Select Mini 3d Printer V2 Firmware | 2025-03-25 | 5.5 Medium |
| Improper input validation of printing files in Monoprice Select Mini V2 V37.115.32 allows attackers to instruct the device's movable parts to destinations that exceed the devices' maximum coordinates via the printing of a malicious .gcode file. | ||||
| CVE-2024-23784 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-25 | 6.5 Medium |
| Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product. | ||||
| CVE-2024-23783 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-25 | 8.8 High |
| Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication. | ||||
| CVE-2024-23237 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. | ||||
| CVE-2024-22441 | 1 Hpe | 1 Cray Parallel Application Launch Service | 2025-03-25 | 9.8 Critical |
| HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. | ||||
| CVE-2024-20506 | 1 Clamav | 1 Clamav | 2025-03-25 | 6.1 Medium |
| A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart. | ||||
| CVE-2023-51712 | 1 Arm | 1 Trusted Firmware-m | 2025-03-25 | 4.7 Medium |
| An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | ||||
| CVE-2023-42949 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-25 | 3.3 Low |
| This issue was addressed with improved data protection. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to access edited photos saved to a temporary directory. | ||||
| CVE-2018-20072 | 1 Google | 1 Chrome | 2025-03-25 | 7.8 High |
| Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low) | ||||
| CVE-2015-6420 | 1 Apache | 1 Commons Collections | 2025-03-25 | N/A |
| Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2025-2220 | 1 Odysseyautomation | 1 Odyssey Cms | 2025-03-25 | 3.3 Low |
| A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-33807 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 5.4 Medium |
| A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. | ||||
| CVE-2024-33808 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 9.8 Critical |
| A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-33402 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | 8.1 High |
| A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2024-1434 | 1 Jordymeow | 1 Media Alt Renamer | 2025-03-25 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS.This issue affects Media Alt Renamer: from n/a through 0.0.1. | ||||
| CVE-2024-21029 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-03-25 | 6.1 Medium |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2023-42893 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-25 | 5.5 Medium |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data. | ||||