Total
1230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25535 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
| HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. | |||||
| CVE-2022-23454 | 1 Hp | 1 Support Assistant | 2025-03-27 | N/A | 7.8 HIGH |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | |||||
| CVE-2022-23453 | 1 Hp | 1 Support Assistant | 2025-03-27 | N/A | 7.8 HIGH |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | |||||
| CVE-2024-26302 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-27 | N/A | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | |||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2025-03-25 | N/A | 8.8 HIGH |
| Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | |||||
| CVE-2025-24135 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 7.8 HIGH |
| This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges. | |||||
| CVE-2024-54564 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. | |||||
| CVE-2018-9401 | 2025-03-24 | N/A | 7.8 HIGH | ||
| In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9434 | 2025-03-24 | N/A | 7.8 HIGH | ||
| In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-24176 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 7.1 HIGH |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges. | |||||
| CVE-2025-24093 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent. | |||||
| CVE-2024-51440 | 2025-03-22 | N/A | 7.8 HIGH | ||
| An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. | |||||
| CVE-2023-1809 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 7.5 HIGH |
| The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | |||||
| CVE-2025-27612 | 2025-03-21 | N/A | 5.9 MEDIUM | ||
| libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder. | |||||
| CVE-2025-24915 | 2025-03-21 | N/A | 7.8 HIGH | ||
| When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | |||||
| CVE-2024-28056 | 2025-03-20 | N/A | 9.8 CRITICAL | ||
| Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider. | |||||
| CVE-2024-57604 | 2025-03-20 | N/A | 9.8 CRITICAL | ||
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. | |||||
| CVE-2023-29162 | 2025-03-20 | N/A | 6.0 MEDIUM | ||
| Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-55215 | 2025-03-19 | N/A | 9.8 CRITICAL | ||
| An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | |||||
| CVE-2024-44135 | 1 Apple | 1 Macos | 2025-03-19 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected files within an App Sandbox container. | |||||