Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 32153 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36397 1 Moodle 1 Moodle 2025-03-07 N/A 5.3 MEDIUM
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
CVE-2024-53067 1 Linux 1 Linux Kernel 2025-03-07 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Start the RTC update work later The RTC update work involves runtime resuming the UFS controller. Hence, only start the RTC update work after runtime power management in the UFS driver has been fully initialized. This patch fixes the following kernel crash: Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c (P) pm_runtime_get_if_active+0x24/0x9c (L) pm_runtime_get_if_active+0x24/0x9c ufshcd_rtc_work+0x138/0x1b4 process_one_work+0x148/0x288 worker_thread+0x2cc/0x3d4 kthread+0x110/0x114 ret_from_fork+0x10/0x20
CVE-2022-45608 1 Thingsboard 1 Thingsboard 2025-03-07 N/A 8.8 HIGH
An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).
CVE-2022-45553 1 Zbt 2 We1626, We1626 Firmware 2025-03-07 N/A 9.8 CRITICAL
An issue was discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 that allows an attacker to execute arbitrary commands via a serial connection to the UART port.
CVE-2022-38734 1 Netapp 1 Storagegrid 2025-03-07 N/A 7.5 HIGH
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
CVE-2021-36403 1 Moodle 1 Moodle 2025-03-07 N/A 5.3 MEDIUM
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
CVE-2021-36402 1 Moodle 1 Moodle 2025-03-07 N/A 5.3 MEDIUM
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
CVE-2021-27059 1 Microsoft 1 Office 2025-03-07 8.5 HIGH 7.6 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-41862 3 Fedoraproject, Postgresql, Redhat 6 Fedora, Postgresql, Enterprise Linux and 3 more 2025-03-07 N/A 3.7 LOW
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
CVE-2019-7238 1 Sonatype 1 Nexus 2025-03-07 7.5 HIGH 9.8 CRITICAL
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVE-2018-20062 1 5none 1 Nonecms 2025-03-07 7.5 HIGH 9.8 CRITICAL
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVE-2024-31991 1 Mealie 1 Mealie 2025-03-07 N/A 4.1 MEDIUM
Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. Neither this function nor those that call it add any restrictions on the URL that can be provided, nor is it restricted to being an FQDN (i.e., an IP address can be provided). As this function's return value is handled differently by its caller depending on the response, it is possible for an attacker to use this functionality to positively identify HTTP(S) servers on the local network with any IP/port combination. This issue can result in any authenticated user being able to map HTTP servers on a local network that the Mealie service has access to. Note that by default any user can create an account on a Mealie server, and that the default changeme@example.com user is available with its hard-coded password. This vulnerability is fixed in 1.4.0.
CVE-2024-12584 1 Wpxpro 1 Xpro Addons For Elementor 2025-03-06 N/A 4.3 MEDIUM
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
CVE-2024-13796 1 Pickplugins 1 Post Grid 2025-03-06 N/A 5.3 MEDIUM
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API. This makes it possible for unauthenticated attackers to extract sensitive data including emails and other user data.
CVE-2022-48364 1 Joinmastodon 1 Mastodon 2025-03-06 N/A 4.3 MEDIUM
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.
CVE-2024-53244 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-03-06 N/A 5.7 MEDIUM
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/en-US/app/search/report" endpoint through the "s" parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
CVE-2024-53245 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-03-06 N/A 3.1 LOW
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
CVE-2025-0764 1 Gvectors 1 Wpforo Forum 2025-03-06 N/A 6.5 MEDIUM
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.
CVE-2023-27574 1 Shadowsocks 1 Shadowsocksx-ng 2025-03-06 N/A 9.8 CRITICAL
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.
CVE-2023-27567 1 Openbsd 1 Openbsd 2025-03-06 N/A 7.5 HIGH
In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.