Total
284717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54558 | 2025-03-11 | 7.5 High | ||
| A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. | ||||
| CVE-2024-54546 | 2025-03-11 | 7.5 High | ||
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2024-54467 | 2025-03-11 | 6.5 Medium | ||
| A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2024-54463 | 2025-03-11 | 5.5 Medium | ||
| This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent. | ||||
| CVE-2024-44227 | 2025-03-11 | 7.5 High | ||
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2024-44179 | 2025-03-11 | 2.4 Low | ||
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen. | ||||
| CVE-2022-4788 | 1 Embed Pdf Project | 1 Embed Pdf | 2025-03-11 | 5.4 Medium |
| The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-48610 | 2025-03-11 | 5.5 Medium | ||
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data. | ||||
| CVE-2023-23512 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-11 | 6.5 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service. | ||||
| CVE-2023-24258 | 1 Spip | 1 Spip | 2025-03-11 | 9.8 Critical |
| SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | ||||
| CVE-2023-26759 | 1 Smeup | 1 Erp | 2025-03-11 | 8.8 High |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. | ||||
| CVE-2023-26760 | 1 Smeup | 1 Erp | 2025-03-11 | 7.5 High |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system. | ||||
| CVE-2023-26762 | 1 Smeup | 1 Erp | 2025-03-11 | 8.8 High |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2023-0539 | 1 Gsplugins | 1 Gs Insever Portfolio | 2025-03-11 | 5.4 Medium |
| The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-0062 | 2025-03-11 | 4.7 Medium | ||
| SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console. | ||||
| CVE-2025-0071 | 2025-03-11 | 4.9 Medium | ||
| SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. | ||||
| CVE-2025-23185 | 2025-03-11 | 4.1 Medium | ||
| Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application. | ||||
| CVE-2025-23188 | 2025-03-11 | 4.3 Medium | ||
| An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. | ||||
| CVE-2025-1937 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-03-11 | 8.8 High |
| Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | ||||
| CVE-2024-12010 | 2025-03-11 | 7.2 High | ||
| A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | ||||