Total
2623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21071 | 1 Oracle | 1 Workflow | 2025-03-26 | N/A | 9.1 CRITICAL |
| Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2024-20952 | 3 Debian, Netapp, Oracle | 9 Debian Linux, Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent and 6 more | 2025-03-26 | N/A | 7.4 HIGH |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2023-0661 | 1 Devolutions | 1 Devolutions Server | 2025-03-25 | N/A | 6.5 MEDIUM |
| Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | |||||
| CVE-2024-27803 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | N/A | 2.4 LOW |
| A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen. | |||||
| CVE-2024-23266 | 1 Apple | 1 Macos | 2025-03-25 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | |||||
| CVE-2024-46430 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. | |||||
| CVE-2025-2216 | 1 Zzskzy | 1 Warehouse Refinement Management System | 2025-03-25 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2218 | 1 Lovecards | 1 Lovecards | 2025-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2219 | 1 Lovecards | 1 Lovecards | 2025-03-25 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-30138 | 2025-03-25 | N/A | 4.6 MEDIUM | ||
| An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure. | |||||
| CVE-2025-30141 | 2025-03-25 | N/A | 7.5 HIGH | ||
| An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092's RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner's knowledge. | |||||
| CVE-2025-30140 | 2025-03-25 | N/A | 7.5 HIGH | ||
| An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks. | |||||
| CVE-2024-24300 | 1 4ipnet | 2 Eap-767, Eap-767 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
| 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged. | |||||
| CVE-2024-21115 | 1 Oracle | 1 Vm Virtualbox | 2025-03-25 | N/A | 8.8 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-30564 | 1 Dahuasecurity | 194 Ipc-hf5241f-ze, Ipc-hf5241f-ze Firmware, Ipc-hf5442f-ze and 191 more | 2025-03-25 | N/A | 5.3 MEDIUM |
| Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. | |||||
| CVE-2023-24688 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | N/A | 5.3 MEDIUM |
| An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. | |||||
| CVE-2025-2687 | 1 Janobe | 1 Elearning System | 2025-03-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-1343 | 1 Laborofficefree | 1 Laborofficefree | 2025-03-24 | N/A | 4.7 MEDIUM |
| A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'. | |||||
| CVE-2024-54559 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to access sensitive user data. | |||||