Total
286165 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-30342 | | | 2025-03-21 | 5.4 Medium |
An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly encoded when reflected; however, adding attributes to links is possible, which allows the injection of JavaScript via the onmouseover attribute and others. When a user moves the mouse over such a prepared link, JavaScript is executed in that user's session. | ||||
CVE-2024-50053 | | | 2025-03-21 | 6.3 Medium |
Zohocorp ManageEngine ServiceDesk Plus versions below 14920, ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature. | ||||
CVE-2025-2581 | | | 2025-03-21 | 4.3 Medium |
A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2025-22228 | | | 2025-03-21 | 7.4 High |
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | ||||
CVE-2025-26336 | | | 2025-03-21 | 8.3 High |
Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | ||||
CVE-2025-2585 | | | 2025-03-21 | 8.8 High |
EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
CVE-2025-29814 | | | 2025-03-21 | 9.3 Critical |
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-29807 | | | 2025-03-21 | 8.7 High |
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | ||||
CVE-2023-28207 | | | 2025-03-21 | N/A |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data. | ||||
CVE-2025-24053 | | | 2025-03-21 | 7.2 High |
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-26645 | | | 2025-03-21 | 8.8 High |
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-26643 | 1 Microsoft | 1 Edge Chromium | 2025-03-21 | 5.4 Medium |
The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2025-26633 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-21 | 7 High |
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. | ||||
CVE-2025-26631 | | | 2025-03-21 | 7.3 High |
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-26630 | | | 2025-03-21 | 7.8 High |
Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-26629 | | | 2025-03-21 | 7.8 High |
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-26627 | | | 2025-03-21 | 7 High |
Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-24049 | | | 2025-03-21 | 8.4 High |
Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | ||||
CVE-2025-24994 | | | 2025-03-21 | 7.3 High |
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-24993 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-21 | 7.8 High |
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. |