Total
32153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41613 | 1 Openrisc | 2 Mor1kx, Mor1kx Firmware | 2025-03-05 | N/A | 4.3 MEDIUM |
| An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR. | |||||
| CVE-2025-21769 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Add .owner to vmclock_miscdev_fops Without the .owner field, the module can be unloaded while /dev/vmclock0 is open, leading to an oops. | |||||
| CVE-2023-49978 | 1 Oretnom23 | 1 Customer Support System | 2025-03-05 | N/A | 8.8 HIGH |
| Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. | |||||
| CVE-2021-46876 | 1 Ibexa | 1 Ez Platform Kernel | 2025-03-05 | N/A | 5.3 MEDIUM |
| An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. | |||||
| CVE-2024-27026 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix missing reserved tailroom Use rbi->len instead of rcd->len for non-dataring packet. Found issue: XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroom WARNING: CPU: 0 PID: 0 at net/core/xdp.c:586 xdp_warn+0xf/0x20 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 6.5.1 #1 RIP: 0010:xdp_warn+0xf/0x20 ... ? xdp_warn+0xf/0x20 xdp_do_redirect+0x15f/0x1c0 vmxnet3_run_xdp+0x17a/0x400 [vmxnet3] vmxnet3_process_xdp+0xe4/0x760 [vmxnet3] ? vmxnet3_tq_tx_complete.isra.0+0x21e/0x2c0 [vmxnet3] vmxnet3_rq_rx_complete+0x7ad/0x1120 [vmxnet3] vmxnet3_poll_rx_only+0x2d/0xa0 [vmxnet3] __napi_poll+0x20/0x180 net_rx_action+0x177/0x390 | |||||
| CVE-2023-30630 | 1 Nongnu | 1 Dmidecode | 2025-03-04 | N/A | 7.1 HIGH |
| Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly). | |||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 4.4 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | |||||
| CVE-2021-33639 | 1 Openatom | 1 Openeuler Kernel | 2025-03-04 | N/A | 7.5 HIGH |
| REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. | |||||
| CVE-2024-45426 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-03-04 | N/A | 4.9 MEDIUM |
| Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2024-13724 | 1 Wpswings | 1 Wallet System For Woocommerce | 2025-03-04 | N/A | 4.3 MEDIUM |
| The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets. | |||||
| CVE-2024-45417 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | N/A | 6.0 MEDIUM |
| Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. | |||||
| CVE-2025-21181 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-04 | N/A | 7.5 HIGH |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||||
| CVE-2024-4885 | 1 Progress | 1 Whatsup Gold | 2025-03-04 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | |||||
| CVE-2024-0819 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-03-03 | N/A | 7.3 HIGH |
| Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. | |||||
| CVE-2025-21371 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-03 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2023-24033 | 1 Samsung | 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more | 2025-03-03 | N/A | 7.5 HIGH |
| The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | |||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2025-03-03 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | |||||
| CVE-2023-24579 | 1 Mcafee | 1 Total Protection | 2025-03-03 | N/A | 5.5 MEDIUM |
| McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. | |||||
| CVE-2025-21126 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-03-03 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. An attacker could exploit this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-7412 | 1 Coffee2code | 1 No Update Nag | 2025-03-01 | N/A | 5.3 MEDIUM |
| The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | |||||