Search

Search Results (312888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25635 1 Totolink 2 A3002r, A3002r Firmware 2025-10-02 8 High
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
CVE-2025-54988 1 Apache 1 Tika 2025-10-02 8.4 High
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.
CVE-2025-55622 1 Reolink 1 Reolink 2025-10-02 6.5 Medium
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience.
CVE-2024-7762 1 Presstigers 1 Simple Job Board 2025-10-02 3.7 Low
The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes
CVE-2024-1286 2 Paidmembershipspro, Strangerstudios 2 Maps, Paid Memberships Pro 2025-10-02 4.9 Medium
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.
CVE-2025-43273 1 Apple 2 Macos, Macos Sequoia 2025-10-02 9.1 Critical
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2025-24206 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-10-02 7.7 High
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
CVE-2025-31239 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-10-02 4.3 Medium
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
CVE-2025-24196 1 Apple 1 Macos 2025-10-02 8.8 High
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory.
CVE-2024-23224 1 Apple 1 Macos 2025-10-02 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.
CVE-2024-2868 1 Hasthemes 1 Shoplentor 2025-10-02 6.4 Medium
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-22598 1 Wegia 1 Wegia 2025-10-02 8.3 High
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
CVE-2025-22597 1 Wegia 1 Wegia 2025-10-02 8.3 High
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
CVE-2025-46745 2025-10-02 6.5 Medium
An authenticated user without user-management permissions could view other users account information.
CVE-2025-24133 1 Apple 2 Ios, Ipados 2025-10-02 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-11218 1 Redhat 8 Enterprise Linux, Openshift, Openshift Ironic and 5 more 2025-10-02 8.6 High
A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
CVE-2025-46744 2025-10-01 2.7 Low
An authenticated administrator could modify the Created By username for a user account
CVE-2025-46742 2025-10-01 4.3 Medium
Users who were required to change their password could still access system information before changing their password
CVE-2024-27239 1 Zoom 5 Meeting Software Development Kit, Rooms, Workplace and 2 more 2025-10-01 4.3 Medium
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-54234 1 Adobe 1 Coldfusion 2025-10-01 2.7 Low
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.