Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 32078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-4665 1 Metagauss 1 Eventprime 2025-06-04 N/A 5.3 MEDIUM
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
CVE-2024-8700 1 Total-soft 1 Event Calendar 2025-06-04 N/A 7.5 HIGH
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
CVE-2025-1138 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2025-06-04 N/A 4.3 MEDIUM
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
CVE-2025-47697 1 Uchida 2 Wivia 5, Wivia 5 Firmware 2025-06-04 N/A 7.5 HIGH
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.
CVE-2024-10075 1 Automattic 1 Jetpack 2025-06-04 N/A 5.6 MEDIUM
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
CVE-2024-13241 1 Getopensocial 1 Open Social 2025-06-04 N/A 9.1 CRITICAL
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5.
CVE-2024-13240 1 Getopensocial 1 Open Social 2025-06-04 N/A 7.5 HIGH
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05.
CVE-2025-40581 1 Siemens 2 Scalance Lpe9403, Scalance Lpe9403 Firmware 2025-06-04 N/A 7.1 HIGH
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters.
CVE-2024-23851 1 Linux 1 Linux Kernel 2025-06-04 N/A 5.5 MEDIUM
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.
CVE-2024-23744 1 Arm 1 Mbed Tls 2025-06-04 N/A 7.5 HIGH
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
CVE-2024-23301 4 Fedoraproject, Redhat, Relax-and-recover and 1 more 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more 2025-06-04 N/A 5.5 MEDIUM
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
CVE-2024-23223 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-06-04 N/A 6.2 MEDIUM
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.
CVE-2024-23210 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-06-04 N/A 3.3 LOW
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.
CVE-2024-23208 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-06-04 N/A 7.8 HIGH
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.
CVE-2024-23207 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-06-04 N/A 5.5 MEDIUM
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.
CVE-2024-23180 1 Appleple 1 A-blog Cms 2025-06-04 N/A 8.8 HIGH
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
CVE-2022-34706 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-06-04 N/A 7.8 HIGH
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2022-34703 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-06-04 N/A 7.8 HIGH
Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2022-34701 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-06-04 N/A 7.5 HIGH
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2025-24473 1 Fortinet 1 Forticlient 2025-06-04 N/A 3.7 LOW
A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)