Total
29832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41251 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-13 | N/A | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | |||||
| CVE-2024-43084 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.5 MEDIUM |
| In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | N/A | 4.3 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | |||||
| CVE-2025-25615 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | N/A | 2.7 LOW |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | |||||
| CVE-2024-37279 | 1 Elastic | 1 Kibana | 2025-03-13 | N/A | 4.3 MEDIUM |
| A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | |||||
| CVE-2024-31398 | 1 Cybozu | 1 Garoon | 2025-03-13 | N/A | 4.3 MEDIUM |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | |||||
| CVE-2024-27855 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-13 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user. | |||||
| CVE-2024-53075 | 1 Linux | 1 Linux Kernel | 2025-03-13 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: riscv: Prevent a bad reference count on CPU nodes When populating cache leaves we previously fetched the CPU device node at the very beginning. But when ACPI is enabled we go through a specific branch which returns early and does not call 'of_node_put' for the node that was acquired. Since we are not using a CPU device node for the ACPI code anyways, we can simply move the initialization of it just passed the ACPI block, and we are guaranteed to have an 'of_node_put' call for the acquired node. This prevents a bad reference count of the CPU device node. Moreover, the previous function did not check for errors when acquiring the device node, so a return -ENOENT has been added for that case. | |||||
| CVE-2024-3061 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-13 | N/A | 7.2 HIGH |
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2023-23919 | 1 Nodejs | 1 Node.js | 2025-03-12 | N/A | 7.5 HIGH |
| A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. | |||||
| CVE-2022-48341 | 1 Thingsboard | 1 Thingsboard | 2025-03-12 | N/A | 8.8 HIGH |
| ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | |||||
| CVE-2025-27840 | 1 Espressif | 2 Esp32, Esp32 Firmware | 2025-03-12 | N/A | 6.8 MEDIUM |
| Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). | |||||
| CVE-2023-38122 | 1 Inductiveautomation | 1 Ignition | 2025-03-12 | N/A | 7.2 HIGH |
| Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-20539. | |||||
| CVE-2024-2281 | 1 Boyiddha | 1 Automated-mess-management-system | 2025-03-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-48305 | 1 Huawei | 2 Simba-al00, Simba-al00 Firmware | 2025-03-11 | N/A | 5.5 MEDIUM |
| There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail. | |||||
| CVE-2024-40706 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-11 | N/A | 5.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | |||||
| CVE-2023-23472 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-11 | N/A | 3.1 LOW |
| IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | |||||
| CVE-2024-0368 | 1 Wpmudev | 1 Hustle | 2025-03-11 | N/A | 8.6 HIGH |
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII. | |||||
| CVE-2022-2835 | 1 Coredns.io | 1 Coredns | 2025-03-07 | N/A | 4.4 MEDIUM |
| A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some internal services that were accessed by the FQDN in a format of <service>.<namespace>.svc. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||