Total
1951 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52538 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 9.1 CRITICAL |
| Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-40770 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | |||||
| CVE-2024-40530 | 2025-03-24 | N/A | 7.5 HIGH | ||
| A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. | |||||
| CVE-2024-44305 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges. | |||||
| CVE-2025-24121 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 3.3 LOW |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-24099 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 5.1 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges. | |||||
| CVE-2024-44136 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-22 | N/A | 4.6 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection. | |||||
| CVE-2024-2098 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 7.5 HIGH |
| The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files. | |||||
| CVE-2025-27138 | 1 Dataease | 1 Dataease | 2025-03-21 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | |||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2025-03-20 | N/A | 6.5 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | |||||
| CVE-2025-24400 | 2025-03-20 | N/A | 4.3 MEDIUM | ||
| Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials. | |||||
| CVE-2024-40843 | 1 Apple | 1 Macos | 2025-03-20 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-9159 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
| An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not properly guarded by an admin check. | |||||
| CVE-2024-10109 | 2025-03-20 | N/A | 8.3 HIGH | ||
| A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats. | |||||
| CVE-2024-36265 | 1 Apache | 1 Submarine | 2025-03-19 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-44162 | 1 Apple | 1 Xcode | 2025-03-19 | N/A | 7.8 HIGH |
| This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. | |||||
| CVE-2025-1472 | 2025-03-19 | N/A | 4.3 MEDIUM | ||
| Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team and site statistics. | |||||
| CVE-2024-57032 | 1 Wegia | 1 Wegia | 2025-03-19 | N/A | 9.8 CRITICAL |
| WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. | |||||
| CVE-2023-24485 | 1 Citrix | 1 Workspace | 2025-03-19 | N/A | 7.8 HIGH |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | |||||