Total
29432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43084 | 1 Google | 1 Android | 2025-03-13 | 6.2 Medium |
| In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 7.6 High |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | ||||
| CVE-2025-25615 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 6 Medium |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | ||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2025-03-13 | 5 Medium |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2024-37279 | 1 Elastic | 1 Kibana | 2025-03-13 | 4.3 Medium |
| A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | ||||
| CVE-2022-27926 | 1 Zimbra | 1 Collaboration | 2025-03-13 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | ||||
| CVE-2024-31398 | 1 Cybozu | 1 Garoon | 2025-03-13 | 4.3 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | ||||
| CVE-2024-27855 | 1 Apple | 4 Ipad Os, Ipados, Iphone Os and 1 more | 2025-03-13 | 8.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user. | ||||
| CVE-2024-53075 | 1 Linux | 1 Linux Kernel | 2025-03-13 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: riscv: Prevent a bad reference count on CPU nodes When populating cache leaves we previously fetched the CPU device node at the very beginning. But when ACPI is enabled we go through a specific branch which returns early and does not call 'of_node_put' for the node that was acquired. Since we are not using a CPU device node for the ACPI code anyways, we can simply move the initialization of it just passed the ACPI block, and we are guaranteed to have an 'of_node_put' call for the acquired node. This prevents a bad reference count of the CPU device node. Moreover, the previous function did not check for errors when acquiring the device node, so a return -ENOENT has been added for that case. | ||||
| CVE-2024-3061 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-13 | 7.2 High |
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2021-28799 | 1 Qnap | 4 Hybrid Backup Sync, Qts, Quts Hero and 1 more | 2025-03-12 | 10 Critical |
| An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 . | ||||
| CVE-2022-40231 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-03-12 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533. | ||||
| CVE-2023-23919 | 2 Nodejs, Redhat | 2 Node.js, Enterprise Linux | 2025-03-12 | 7.5 High |
| A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | ||||
| CVE-2022-48341 | 1 Thingsboard | 1 Thingsboard | 2025-03-12 | 8.8 High |
| ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | ||||
| CVE-2025-27840 | 1 Espressif | 2 Esp32, Esp32 Firmware | 2025-03-12 | 6.8 Medium |
| Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). | ||||
| CVE-2023-38122 | 1 Inductiveautomation | 1 Ignition | 2025-03-12 | 7.2 High |
| Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539. | ||||
| CVE-2023-22920 | 1 Zyxel | 4 Lte3202-m437, Lte3202-m437 Firmware, Lte3316-m604 and 1 more | 2025-03-12 | 9.8 Critical |
| A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet. | ||||
| CVE-2024-2281 | 1 Boyiddha | 1 Automated-mess-management-system | 2025-03-12 | 6.3 Medium |
| A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-49621 | 1 Linux | 1 Linux Kernel | 2025-03-11 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: cpufreq: pmac32-cpufreq: Fix refcount leak bug In pmac_cpufreq_init_MacRISC3(), we need to add corresponding of_node_put() for the three node pointers whose refcount have been incremented by of_find_node_by_name(). | ||||
| CVE-2022-49620 | 1 Linux | 1 Linux Kernel | 2025-03-11 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix possible refcount leak in tipc_sk_create() Free sk in case tipc_sk_insert() fails. | ||||