Total
306396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43221 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-31 | N/A | 7.1 HIGH |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, visionOS 2.6, tvOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-43220 | 1 Apple | 2 Ipados, Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data. | |||||
| CVE-2025-43197 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 4.0 MEDIUM |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data. | |||||
| CVE-2025-43196 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges. | |||||
| CVE-2025-43195 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 5.5 MEDIUM |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data. | |||||
| CVE-2025-43194 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-43227 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-31 | N/A | 7.5 HIGH |
| This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2025-43226 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-31 | N/A | 4.0 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6. Processing a maliciously crafted image may result in disclosure of process memory. | |||||
| CVE-2024-27247 | 1 Zoom | 1 Zoom | 2025-07-31 | N/A | 5.5 MEDIUM |
| Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-27242 | 1 Zoom | 1 Zoom | 2025-07-31 | N/A | 4.1 MEDIUM |
| Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2024-24694 | 1 Zoom | 1 Zoom | 2025-07-31 | N/A | 5.9 MEDIUM |
| Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-27105 | 1 Frappe | 1 Frappe | 2025-07-31 | N/A | 8.1 HIGH |
| Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2024-24813 | 1 Frappe | 1 Frappe | 2025-07-31 | N/A | 7.5 HIGH |
| Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2025-51569 | 2025-07-31 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to inject arbitrary JavaScript, which is executed in the context of the router's origin when the crafted URL is accessed. The issue requires user interaction to exploit. | |||||
| CVE-2025-50270 | 2025-07-31 | N/A | 6.1 MEDIUM | ||
| A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, categoryTitle, and tmpTag parameters. | |||||
| CVE-2025-4057 | 2025-07-31 | N/A | 5.5 MEDIUM | ||
| A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | |||||
| CVE-2025-29557 | 2025-07-31 | N/A | 5.4 MEDIUM | ||
| ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords. | |||||
| CVE-2025-29556 | 2025-07-31 | N/A | 7.3 HIGH | ||
| ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval. | |||||
| CVE-2024-34328 | 2025-07-31 | N/A | 6.3 MEDIUM | ||
| An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL. | |||||
| CVE-2025-43218 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||