Filtered by CWE-284
Total 4076 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-43325 1 Apple 1 Macos 2025-09-17 5.5 Medium
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-43305 1 Apple 1 Macos 2025-09-17 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access private information.
CVE-2025-43285 1 Apple 1 Macos 2025-09-17 5.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-43291 1 Apple 4 Macos, Macos Sequoia, Macos Sonoma and 1 more 2025-09-17 5.5 Medium
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
CVE-2025-31269 1 Apple 3 Macos, Macos Sonoma, Macos Tahoe 2025-09-17 5.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-31270 1 Apple 1 Macos 2025-09-17 5.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-43204 1 Apple 1 Macos 2025-09-17 7.8 High
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
CVE-2025-43207 1 Apple 1 Macos 2025-09-17 5.5 Medium
This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
CVE-2025-43208 1 Apple 1 Macos 2025-09-17 5.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information.
CVE-2025-43263 1 Apple 1 Xcode 2025-09-17 7.1 High
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
CVE-2025-24088 1 Apple 1 Macos 2025-09-17 7.5 High
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.
CVE-2025-24197 1 Apple 4 Macos, Macos Sequoia, Macos Sonoma and 1 more 2025-09-17 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-31268 1 Apple 1 Macos 2025-09-17 5.5 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-10491 2 Microsoft, Mongodb 2 Windows, Mongodb 2025-09-17 7.8 High
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories, allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.21 and MongoDB Server v8.0 versions prior to 8.0.5.
CVE-2025-8841 2 Microservices-platform Project, Zlt2000 2 Microservices-platform, Microservices-platform 2025-09-16 6.3 Medium
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-35177 1 Wazuh 1 Wazuh 2025-09-16 7.8 High
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLLs that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g., C:\wazuh). Many DLLs are loaded from the installation folder, and by creating a malicious DLL that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-8775 1 Qiyuesuo 2 Eelectronic Signature Platform, Electronic Signature 2025-09-16 6.3 Medium
A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8798 2 Oitcode, Samarium Project 2 Samarium, Business Management System 2025-09-16 7.3 High
A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-56406 2 Neo4j, Neo4j-contrib 2 Neo4j, Mcp-neo4j 2025-09-16 7.5 High
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local environment where authentication realistically would not be needed. Also, the Supplier provides middleware to help isolate the MCP server from external access (if needed).
CVE-2025-10398 2025-09-15 6.3 Medium
A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.