Total 284717 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-54558 2025-03-11 7.5 High
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library.
CVE-2024-54546 2025-03-11 7.5 High
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2024-54467 2025-03-11 6.5 Medium
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-54463 2025-03-11 5.5 Medium
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent.
CVE-2024-44227 2025-03-11 7.5 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2024-44179 2025-03-11 2.4 Low
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a device may be able to read contact numbers from the lock screen.
CVE-2022-4788 1 Embed Pdf Project 1 Embed Pdf 2025-03-11 5.4 Medium
The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-48610 2025-03-11 5.5 Medium
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.
CVE-2023-23512 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-03-11 6.5 Medium
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.
CVE-2023-24258 1 Spip 1 Spip 2025-03-11 9.8 Critical
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.
CVE-2023-26759 1 Smeup 1 Erp 2025-03-11 8.8 High
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component.
CVE-2023-26760 1 Smeup 1 Erp 2025-03-11 7.5 High
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system.
CVE-2023-26762 1 Smeup 1 Erp 2025-03-11 8.8 High
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.
CVE-2023-0539 1 Gsplugins 1 Gs Insever Portfolio 2025-03-11 5.4 Medium
The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2025-0062 2025-03-11 4.7 Medium
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console.
CVE-2025-0071 2025-03-11 4.9 Medium
SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.
CVE-2025-23185 2025-03-11 4.1 Medium
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application.
CVE-2025-23188 2025-03-11 4.3 Medium
An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability.
CVE-2025-1937 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2025-03-11 8.8 High
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2024-12010 2025-03-11 7.2 High
A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.