Total
32116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21035 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-03-28 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-20992 | 1 Oracle | 1 Webcenter Portal | 2025-03-28 | N/A | 4.4 MEDIUM |
| Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2023-52540 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-42938 | 1 Apple | 1 Itunes | 2025-03-28 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges. | |||||
| CVE-2022-45320 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-03-28 | N/A | 6.3 MEDIUM |
| Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page. | |||||
| CVE-2024-43565 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-28 | N/A | 7.5 HIGH |
| Windows Network Address Translation (NAT) Denial of Service Vulnerability | |||||
| CVE-2024-30413 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-27895 | 1 Huawei | 1 Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2024-21050 | 2 Netapp, Oracle | 4 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 1 more | 2025-03-28 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-0014 | 1 Google | 1 Android | 2025-03-28 | N/A | 7.8 HIGH |
| In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52546 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
| Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-28826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-28 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data. | |||||
| CVE-2025-26622 | 1 Vyperlang | 1 Vyper | 2025-03-28 | N/A | 7.5 HIGH |
| vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-27104 | 1 Vyperlang | 1 Vyper | 2025-03-28 | N/A | 7.5 HIGH |
| vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-27103 | 1 Dataease | 1 Dataease | 2025-03-28 | N/A | 6.5 MEDIUM |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | |||||
| CVE-2025-2639 | 1 Jizhicms | 1 Jizhicms | 2025-03-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-4774 | 1 Mozilla | 1 Firefox | 2025-03-28 | N/A | 6.5 MEDIUM |
| The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126. | |||||
| CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2024-27605 | 1 Alldata | 1 Alldata | 2025-03-28 | N/A | 7.5 HIGH |
| Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system. | |||||
| CVE-2024-23272 | 1 Apple | 1 Macos | 2025-03-28 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system. | |||||