Total
32078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4665 | 1 Metagauss | 1 Eventprime | 2025-06-04 | N/A | 5.3 MEDIUM |
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce. | |||||
CVE-2024-8700 | 1 Total-soft | 1 Event Calendar | 2025-06-04 | N/A | 7.5 HIGH |
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. | |||||
CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-04 | N/A | 4.3 MEDIUM |
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | |||||
CVE-2025-47697 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 7.5 HIGH |
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user. | |||||
CVE-2024-10075 | 1 Automattic | 1 Jetpack | 2025-06-04 | N/A | 5.6 MEDIUM |
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block. | |||||
CVE-2024-13241 | 1 Getopensocial | 1 Open Social | 2025-06-04 | N/A | 9.1 CRITICAL |
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. | |||||
CVE-2024-13240 | 1 Getopensocial | 1 Open Social | 2025-06-04 | N/A | 7.5 HIGH |
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. | |||||
CVE-2025-40581 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | N/A | 7.1 HIGH |
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. | |||||
CVE-2024-23851 | 1 Linux | 1 Linux Kernel | 2025-06-04 | N/A | 5.5 MEDIUM |
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. | |||||
CVE-2024-23744 | 1 Arm | 1 Mbed Tls | 2025-06-04 | N/A | 7.5 HIGH |
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | |||||
CVE-2024-23301 | 4 Fedoraproject, Redhat, Relax-and-recover and 1 more | 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more | 2025-06-04 | N/A | 5.5 MEDIUM |
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | |||||
CVE-2024-23223 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-04 | N/A | 6.2 MEDIUM |
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data. | |||||
CVE-2024-23210 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-04 | N/A | 3.3 LOW |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs. | |||||
CVE-2024-23208 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-04 | N/A | 7.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2024-23207 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-04 | N/A | 5.5 MEDIUM |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data. | |||||
CVE-2024-23180 | 1 Appleple | 1 A-blog Cms | 2025-06-04 | N/A | 8.8 HIGH |
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file. | |||||
CVE-2022-34706 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | N/A | 7.8 HIGH |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | |||||
CVE-2022-34703 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-04 | N/A | 7.8 HIGH |
Windows Partition Management Driver Elevation of Privilege Vulnerability | |||||
CVE-2022-34701 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | N/A | 7.5 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | |||||
CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2025-06-04 | N/A | 3.7 LOW |
A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) |