Total: 284430 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-58044 | | | 2025-03-04 | 8.4 High |
Permission verification bypass vulnerability in the notification module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2025-27521 | | | 2025-03-04 | 6.8 Medium |
Vulnerability of improper access permission in the process management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-58045 | | | 2025-03-04 | 8.6 High |
Multi-concurrency vulnerability in the media digital copyright protection module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2025-20091 | | | 2025-03-04 | 3.8 Low |
in OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. | ||||
CVE-2024-58046 | | | 2025-03-04 | 6.2 Medium |
Permission management vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2025-20626 | | | 2025-03-04 | 3.8 Low |
in OpenHarmony v5.0.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. | ||||
CVE-2024-58047 | | | 2025-03-04 | 5 Medium |
Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2024-58048 | | | 2025-03-04 | 6.7 Medium |
Multi-thread problem vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
CVE-2025-21089 | | | 2025-03-04 | 3.3 Low |
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read. | ||||
CVE-2024-13724 | | | 2025-03-04 | 4.3 Medium |
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets. | ||||
CVE-2025-22837 | | | 2025-03-04 | 3.3 Low |
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through NULL pointer dereference. | ||||
CVE-2025-22841 | | | 2025-03-04 | 3.3 Low |
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read. | ||||
CVE-2025-0958 | | | 2025-03-04 | 5.4 Medium |
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling. | ||||
CVE-2025-22847 | | | 2025-03-04 | 3.3 Low |
in OpenHarmony v5.0.2 and prior versions allow a local attacker to cause DoS through out-of-bounds read. | ||||
CVE-2025-0370 | | | 2025-03-04 | 6.4 Medium |
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
CVE-2025-1925 | | | 2025-03-04 | 5.3 Medium |
A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
CVE-2025-21626 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 5.8 Medium |
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. | ||||
CVE-2024-11955 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 4.3 Medium |
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2024-1586 | 1 Magazine3 | 1 Schema & Structured Data For Wp & Amp | 2025-03-04 | 6.4 Medium |
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber. | ||||
CVE-2024-1496 | 1 Fifu | 1 Featured Image From Url | 2025-03-04 | 6.4 Medium |
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |