Search Results (14125 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-70027 2 Sunbird, Sunbird-ed 2 Sunbirded-portal, Sunbirded-portal 2026-04-02 7.5 High
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
CVE-2026-30402 2 Tianshiyeben, Wgstart 2 Wgcloud, Wgcloud 2026-04-02 9.8 Critical
An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function
CVE-2026-30404 2 Tianshiyeben, Wgstart 2 Wgcloud, Wgcloud 2026-04-02 7.5 High
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations.
CVE-2026-35056 1 Xenforo 1 Xenforo 2026-04-02 7.2 High
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server.
CVE-2026-34740 1 Wwbn 1 Avideo 2026-04-02 6.5 Medium
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's FILTER_VALIDATE_URL, which accepts internal network addresses. Although AVideo has a dedicated isSSRFSafeURL() function for preventing SSRF, it is not called in this code path. This results in a stored server-side request forgery vulnerability that can be used to scan internal networks, access cloud metadata services, and interact with internal services. At time of publication, there are no publicly available patches.
CVE-2025-43392 1 Apple 7 Ios, Ipados, Iphone Os and 4 more 2026-04-02 4.3 Medium
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin.
CVE-2025-24243 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-04-02 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2024-54541 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-04-02 5.5 Medium
This issue was addressed through improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access user-sensitive data.
CVE-2024-54529 1 Apple 1 Macos 2026-04-02 7.8 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
CVE-2024-54485 1 Apple 2 Ipados, Iphone Os 2026-04-02 5.5 Medium
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-54477 1 Apple 1 Macos 2026-04-02 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An app may be able to access user-sensitive data.
CVE-2024-44275 1 Apple 1 Macos 2026-04-02 3.3 Low
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to modify protected parts of the file system.
CVE-2024-44257 1 Apple 1 Macos 2026-04-02 6.2 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access sensitive user data.
CVE-2024-44222 1 Apple 1 Macos 2026-04-02 3.3 Low
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to read sensitive location information.
CVE-2024-44216 1 Apple 1 Macos 2026-04-02 6.2 Medium
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to access user-sensitive data.
CVE-2024-44213 1 Apple 1 Macos 2026-04-02 7.5 High
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker in a privileged network position may be able to leak sensitive user information.
CVE-2024-44200 1 Apple 2 Ipados, Iphone Os 2026-04-02 5.5 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.
CVE-2024-40832 1 Apple 1 Macos 2026-04-02 3.3 Low
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs.
CVE-2024-40813 1 Apple 3 Ipados, Iphone Os, Watchos 2026-04-02 4.6 Medium
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.
CVE-2024-27859 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-04-02 8.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution.