Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23294 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution. | |||||
| CVE-2024-23263 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 10 Ipados, Iphone Os, Macos and 7 more | 2025-11-04 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
| CVE-2024-23246 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 8.6 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. | |||||
| CVE-2024-1481 | 2025-11-04 | N/A | 5.3 MEDIUM | ||
| A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | |||||
| CVE-2023-49082 | 1 Aiohttp | 1 Aiohttp | 2025-11-04 | N/A | 5.3 MEDIUM |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | |||||
| CVE-2023-49081 | 1 Aiohttp | 1 Aiohttp | 2025-11-04 | N/A | 7.2 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | |||||
| CVE-2023-46047 | 1 Sane-project | 1 Sane Backends | 2025-11-04 | N/A | 7.3 HIGH |
| An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. | |||||
| CVE-2025-43348 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks. | |||||
| CVE-2024-3096 | 2 Debian, Php | 2 Debian Linux, Php | 2025-11-04 | N/A | 6.5 MEDIUM |
| In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. | |||||
| CVE-2024-2756 | 2025-11-04 | N/A | 6.5 MEDIUM | ||
| Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. | |||||
| CVE-2022-31629 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2025-11-04 | N/A | 6.5 MEDIUM |
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | |||||
| CVE-2025-43430 | 2025-11-04 | N/A | 4.3 MEDIUM | ||
| This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43427 | 2025-11-04 | N/A | 4.3 MEDIUM | ||
| This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2024-25641 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-11-04 | N/A | 9.1 CRITICAL |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. | |||||
| CVE-2023-32633 | 2025-11-04 | N/A | 6.7 MEDIUM | ||
| Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-43365 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-04 | N/A | 2.8 LOW |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes. | |||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2025-11-04 | N/A | 10.0 CRITICAL |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2025-43401 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.5 HIGH |
| A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A remote attacker may be able to cause a denial-of-service. | |||||
| CVE-2025-43472 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to gain root privileges. | |||||
| CVE-2016-7406 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-11-04 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | |||||