Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1203 | 2025-03-24 | 3.5 Low | ||
| The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1062 | 2025-03-24 | 3.5 Low | ||
| The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-0590 | 2025-03-24 | 7.5 High | ||
| Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. | ||||
| CVE-2025-0448 | 2025-03-24 | 4.3 Medium | ||
| Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-7976 | 1 Google | 1 Chrome | 2025-03-24 | 4.3 Medium |
| Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-57490 | 2025-03-24 | 7.7 High | ||
| Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can log in to any system account including the system administrator through a logical flaw. | ||||
| CVE-2024-57031 | 1 Wegia | 1 Wegia | 2025-03-24 | 9.8 Critical |
| WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter. | ||||
| CVE-2024-56521 | 2025-03-24 | 9.8 Critical | ||
| An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | ||||
| CVE-2024-54547 | 2025-03-24 | 5.5 Medium | ||
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to access protected user data. | ||||
| CVE-2024-54540 | 2 Apple, Microsoft | 3 Music, Windows 10 22h2, Windows 11 24h2 | 2025-03-24 | 5.5 Medium |
| The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | ||||
| CVE-2024-54520 | 1 Apple | 1 Macos | 2025-03-24 | 5.5 Medium |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files. | ||||
| CVE-2024-54493 | 1 Apple | 1 Macos | 2025-03-24 | 3.3 Low |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly. | ||||
| CVE-2024-53350 | 2025-03-24 | 7.4 High | ||
| Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges. | ||||
| CVE-2024-53349 | 2025-03-24 | 7.4 High | ||
| Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster | ||||
| CVE-2024-53348 | 2025-03-24 | 7.4 High | ||
| LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges. | ||||
| CVE-2024-49724 | 2025-03-24 | 7 High | ||
| In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-48821 | 1 Automatic Systems | 1 Maintenance Slimlane | 2025-03-24 | 6.1 Medium |
| Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. | ||||
| CVE-2024-48798 | 1 Hubble Connected | 1 Hubble Connected | 2025-03-24 | 7.5 High |
| An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-41995 | 1 Ricoh Company Ltd | 1 Javatm Platform | 2025-03-24 | 7.5 High |
| Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor. | ||||
| CVE-2024-40823 | 1 Apple | 1 Macos | 2025-03-24 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. | ||||