Total
32135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43939 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-03-13 | N/A | 8.6 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. | |||||
| CVE-2021-47112 | 1 Linux | 1 Linux Kernel | 2025-03-13 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all these features to make sure hypervisor doesn't write to stale locations after we jump to the previously hibernated kernel (which can try to place anything there). For secondary CPUs the job is already done by kvm_cpu_down_prepare(), register syscore ops to do the same for boot CPU. | |||||
| CVE-2021-47124 | 1 Linux | 1 Linux Kernel | 2025-03-13 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: io_uring: fix link timeout refs WARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 RIP: 0010:refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28 Call Trace: __refcount_sub_and_test include/linux/refcount.h:283 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] io_put_req fs/io_uring.c:2140 [inline] io_queue_linked_timeout fs/io_uring.c:6300 [inline] __io_queue_sqe+0xbef/0xec0 fs/io_uring.c:6354 io_submit_sqe fs/io_uring.c:6534 [inline] io_submit_sqes+0x2bbd/0x7c50 fs/io_uring.c:6660 __do_sys_io_uring_enter fs/io_uring.c:9240 [inline] __se_sys_io_uring_enter+0x256/0x1d60 fs/io_uring.c:9182 io_link_timeout_fn() should put only one reference of the linked timeout request, however in case of racing with the master request's completion first io_req_complete() puts one and then io_put_req_deferred() is called. | |||||
| CVE-2025-24134 | 1 Apple | 1 Macos | 2025-03-13 | N/A | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. | |||||
| CVE-2024-40818 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-13 | N/A | 4.6 MEDIUM |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An attacker with physical access may be able to use Siri to access sensitive user data. | |||||
| CVE-2024-40787 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-13 | N/A | 7.1 HIGH |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. | |||||
| CVE-2024-37370 | 1 Mit | 1 Kerberos 5 | 2025-03-13 | N/A | 7.5 HIGH |
| In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. | |||||
| CVE-2024-2629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | N/A | 4.3 MEDIUM |
| Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-27830 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-13 | N/A | 6.5 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. | |||||
| CVE-2024-1330 | 1 Kadencewp | 1 Kadence Blocks Pro | 2025-03-13 | N/A | 4.3 MEDIUM |
| The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. | |||||
| CVE-2024-46958 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2025-03-13 | N/A | 9.1 CRITICAL |
| In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. | |||||
| CVE-2024-44228 | 1 Apple | 1 Xcode | 2025-03-13 | N/A | 7.5 HIGH |
| This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | |||||
| CVE-2024-37768 | 1 B1ackc4t | 1 14finger | 2025-03-13 | N/A | 9.1 CRITICAL |
| 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | |||||
| CVE-2024-31611 | 1 Seacms | 1 Seacms | 2025-03-13 | N/A | 9.1 CRITICAL |
| SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | |||||
| CVE-2024-27884 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-13 | N/A | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data. | |||||
| CVE-2024-27809 | 1 Apple | 1 Macos | 2025-03-13 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. | |||||
| CVE-2025-26643 | 1 Microsoft | 1 Edge Chromium | 2025-03-13 | N/A | 5.4 MEDIUM |
| The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2019-10758 | 1 Mongo-express Project | 1 Mongo-express | 2025-03-13 | 9.0 HIGH | 9.9 CRITICAL |
| mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. | |||||
| CVE-2024-9965 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-13 | N/A | 8.8 HIGH |
| Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-5840 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | N/A | 6.5 MEDIUM |
| Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | |||||