Total
32124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44177 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. | |||||
| CVE-2024-44124 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing. | |||||
| CVE-2024-27805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-25 | N/A | 5.5 MEDIUM |
| An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data. | |||||
| CVE-2024-20990 | 1 Oracle | 1 Applications Technology Stack | 2025-03-25 | N/A | 5.3 MEDIUM |
| Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2022-45192 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | |||||
| CVE-2022-40480 | 2 Microchip, Nordicsemi | 4 Dt100112, Dt100112 Firmware, Nrf5340-dk and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
| Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. | |||||
| CVE-2022-3229 | 2 Microsoft, Unifiedremote | 2 Windows, Unified Remote | 2025-03-25 | N/A | 9.8 CRITICAL |
| Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing. | |||||
| CVE-2024-21115 | 1 Oracle | 1 Vm Virtualbox | 2025-03-25 | N/A | 8.8 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2024-45653 | 1 Ibm | 1 Sterling Connect Direct Web Services | 2025-03-25 | N/A | 4.3 MEDIUM |
| IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. | |||||
| CVE-2021-39016 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | N/A | 4.3 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722. | |||||
| CVE-2025-24135 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 7.8 HIGH |
| This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges. | |||||
| CVE-2023-0751 | 1 Freebsd | 1 Freebsd | 2025-03-25 | N/A | 6.5 MEDIUM |
| When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. | |||||
| CVE-2022-48286 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
| The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-30564 | 1 Dahuasecurity | 194 Ipc-hf5241f-ze, Ipc-hf5241f-ze Firmware, Ipc-hf5442f-ze and 191 more | 2025-03-25 | N/A | 5.3 MEDIUM |
| Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. | |||||
| CVE-2024-13217 | 1 Jegtheme | 1 Jeg Elementor Kit | 2025-03-25 | N/A | 4.3 MEDIUM |
| The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | |||||
| CVE-2024-54564 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-25 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. | |||||
| CVE-2023-28207 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A plug-in may be able to inherit app permissions and access user data. | |||||
| CVE-2024-42398 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-03-24 | N/A | 5.3 MEDIUM |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |||||
| CVE-2024-27850 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-24 | N/A | 6.5 MEDIUM |
| This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. | |||||
| CVE-2022-48290 | 1 Huawei | 1 Harmonyos | 2025-03-24 | N/A | 9.1 CRITICAL |
| The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | |||||