Total
2110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30469 | 1 Apple | 2 Ipados, Iphone Os | 2025-04-04 | N/A | 2.4 LOW |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen. | |||||
| CVE-2024-54530 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-04 | N/A | 9.1 CRITICAL |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication. | |||||
| CVE-2025-0237 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | N/A | 5.4 MEDIUM |
| The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. | |||||
| CVE-2001-1155 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing. | |||||
| CVE-2005-2136 | 1 Raritan | 10 Dominion Sx16, Dominion Sx16 Firmware, Dominion Sx32 and 7 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users. | |||||
| CVE-2025-24200 | 1 Apple | 2 Ipados, Iphone Os | 2025-04-02 | N/A | 6.1 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | |||||
| CVE-2025-30155 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | |||||
| CVE-2025-30209 | 2025-04-01 | N/A | 5.3 MEDIUM | ||
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10. | |||||
| CVE-2024-20466 | 1 Cisco | 1 Identity Services Engine | 2025-03-31 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
| CVE-2024-9082 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-03-31 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-0043 | 1 Google | 1 Android | 2025-03-29 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-31402 | 1 Cybozu | 1 Garoon | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | |||||
| CVE-2025-2003 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.1 HIGH |
| Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | |||||
| CVE-2024-12148 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | |||||
| CVE-2024-12196 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.5 MEDIUM |
| Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | |||||
| CVE-2024-11670 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 5.4 MEDIUM |
| Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. | |||||
| CVE-2024-11672 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | |||||
| CVE-2024-2915 | 1 Devolutions | 1 Devolutions Server | 2025-03-27 | N/A | 8.8 HIGH |
| Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. | |||||
| CVE-2022-45172 | 1 Liveboxcloud | 1 Vdesk | 2025-03-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. | |||||
| CVE-2023-24829 | 1 Apache | 1 Iotdb | 2025-03-27 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. | |||||