Search

Search Results (316646 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36172 1 Ibm 1 Cloud Pak For Business Automation 2025-11-03 6.4 Medium
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-11193 2025-11-03 5.5 Medium
A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.
CVE-2025-12657 2025-11-03 5 Medium
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.
CVE-2025-63563 1 Summerpearlgroup 1 Vacation Rental Management Platform 2025-11-03 6.5 Medium
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password.
CVE-2025-63293 2025-11-03 6.5 Medium
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.
CVE-2025-60892 2025-11-03 6.8 Medium
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to login to the device.
CVE-2025-52179 1 Zucchetti 1 Ad Hoc Revolution 2025-11-03 6.1 Medium
Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfr_feditorHTML.jsp endpoint.
CVE-2025-50735 2025-11-03 7.5 High
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.
CVE-2025-45663 2025-11-03 6.5 Medium
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
CVE-2025-29699 2025-11-03 6.5 Medium
NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
CVE-2025-24235 1 Apple 1 Macos 2025-11-03 5.5 Medium
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
CVE-2025-24234 1 Apple 1 Macos 2025-11-03 7.8 High
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to gain root privileges.
CVE-2025-24233 1 Apple 1 Macos 2025-11-03 9.8 Critical
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files.
CVE-2025-24232 1 Apple 1 Macos 2025-11-03 9.8 Critical
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files.
CVE-2025-24231 1 Apple 1 Macos 2025-11-03 9.8 Critical
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
CVE-2025-24230 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-11-03 9.8 Critical
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.
CVE-2025-24229 1 Apple 1 Macos 2025-11-03 7.4 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A sandboxed app may be able to access sensitive user data.
CVE-2025-24228 1 Apple 1 Macos 2025-11-03 7.8 High
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2025-24226 1 Apple 1 Xcode 2025-11-03 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
CVE-2025-24221 1 Apple 3 Ipados, Iphone Os, Visionos 2025-11-03 7.5 High
This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup.