Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42862 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences. | |||||
| CVE-2022-42861 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 8.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox. | |||||
| CVE-2022-32945 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 4.3 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | |||||
| CVE-2022-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | N/A | 5.5 MEDIUM |
| This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. | |||||
| CVE-2022-42859 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-21 | N/A | 5.5 MEDIUM |
| Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences. | |||||
| CVE-2022-42853 | 1 Apple | 1 Macos | 2025-04-21 | N/A | 5.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-3790 | 2025-04-21 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-32796 | 2025-04-21 | N/A | 6.5 MEDIUM | ||
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps. | |||||
| CVE-2025-3807 | 2025-04-21 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in zhenfeng13 My-BBS 1.0. This affects the function Upload of the file src/main/java/com/my/bbs/controller/common/UploadController.java of the component Endpoint. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3798 | 2025-04-21 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-32795 | 2025-04-21 | N/A | 6.5 MEDIUM | ||
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a security risk to the integrity of the application. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details. | |||||
| CVE-2025-32790 | 2025-04-21 | N/A | 6.3 MEDIUM | ||
| Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13. | |||||
| CVE-2025-3830 | 2025-04-21 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | |||||
| CVE-2016-8444 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. | |||||
| CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| stalin 0.11-5 allows local users to write to arbitrary files. | |||||
| CVE-2016-7032 | 1 Todd Miller | 1 Sudo | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | |||||
| CVE-2016-3729 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | |||||
| CVE-2016-10042 | 1 Arcadyan | 2 Swisscom Internet-box, Swisscom Internet-box Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure. | |||||
| CVE-2014-8362 | 1 Vivint | 2 Sky Control Panel, Sky Control Panel Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | |||||