40449 matches found
CVE-2024-37514
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ArtistScope CopySafe Web Protection allows Stored XSS.This issue affects CopySafe Web Protection: from n/a through 3.14...
CVE-2024-4013
A bug exists in the API, meshnodepoweroff, which fails to copy the contents of the Replay Protection List RPL from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning...
CVE-2024-40843
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system...
CVE-2024-40860
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. An app may be able to modify protected parts of the file system...
CVE-2024-40800
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system...
CVE-2024-39290
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book...
SUSE-SU-2025:20344-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. - CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in...
CVE-2024-39925
An issue was discovered in Vaultwarden formerly BitwardenRS 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...
CVE-2024-0620
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...
CVE-2024-8311
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template...
CVE-2024-44196
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to modify protected parts of the file system...
SUSE-SU-2025:20343-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching bsc1242006. - CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinishconne...
CVE-2024-54851
Teedy = 1.12 is vulnerable to Cross Site Request Forgery CSRF, due to the lack of CSRF protection...
CVE-2024-38320
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-11768
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download...
CVE-2024-44136
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection...
CVE-2024-56438
Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2024-49422
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability...
CVE-2024-54491
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location...
CVE-2024-44243
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system...