Total
32156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21040 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A | |||||
| CVE-2023-21036 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A | |||||
| CVE-2023-20995 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279 | |||||
| CVE-2024-13421 | 1 Contempothemes | 1 Real Estate 7 | 2025-02-25 | N/A | 9.8 CRITICAL |
| The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account. | |||||
| CVE-2024-45519 | 1 Zimbra | 1 Collaboration | 2025-02-25 | N/A | 10.0 CRITICAL |
| The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | |||||
| CVE-2024-20953 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-02-25 | N/A | 8.8 HIGH |
| Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-3923 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-02-24 | N/A | 2.3 LOW |
| A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. | |||||
| CVE-2022-48349 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.1 CRITICAL |
| The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | |||||
| CVE-2022-48348 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.1 CRITICAL |
| The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity. | |||||
| CVE-2022-48351 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 7.5 HIGH |
| The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-13525 | 1 Wpfactory | 1 Customer Email Verification For Woocommerce | 2025-02-24 | N/A | 6.5 MEDIUM |
| The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user. | |||||
| CVE-2025-0661 | 1 Detheme | 1 Dethemekit For Elementor | 2025-02-24 | N/A | 4.3 MEDIUM |
| The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, draft, or scheduled posts that they should not have access to by duplicating the post. | |||||
| CVE-2024-13600 | 1 Majesticsupport | 1 Majestic Support | 2025-02-24 | N/A | 7.5 HIGH |
| The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/majesticsupportdata directory which can contain file attachments included in support tickets. | |||||
| CVE-2022-24521 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2020-3259 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2022-20821 | 1 Cisco | 28 8201, 8202, 8208 and 25 more | 2025-02-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. | |||||
| CVE-2022-48353 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.8 CRITICAL |
| Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions. | |||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-02-24 | N/A | 8.2 HIGH |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | |||||
| CVE-2024-13609 | 1 1clickmigration | 1 1 Click Migration | 2025-02-21 | N/A | 5.9 MEDIUM |
| The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process. | |||||
| CVE-2024-12860 | 1 Carspot Project | 1 Carspot | 2025-02-21 | N/A | 9.8 CRITICAL |
| The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | |||||