Total
4253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45209 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | 5.3 Medium |
| An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-44031 | 2 Reprise, Reprisesoftware | 2 License Manager, Reprise License Manager | 2025-11-04 | 7.5 High |
| Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | ||||
| CVE-2023-43491 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-11-04 | 5.3 Medium |
| An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-43318 | 1 Tp-link | 2 Tl-sg2210p, Tl-sg2210p Firmware | 2025-11-04 | 8.8 High |
| TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. | ||||
| CVE-2023-40528 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences. | ||||
| CVE-2023-38945 | 1 Multilaser | 6 Re160, Re160 Firmware, Re160v and 3 more | 2025-11-04 | 8.8 High |
| Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL. | ||||
| CVE-2023-29051 | 1 Open-xchange | 1 Ox App Suite | 2025-11-04 | 8.1 High |
| User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known. | ||||
| CVE-2025-43498 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-04 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43396 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-11-04 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A sandboxed app may be able to access sensitive user data. | ||||
| CVE-2025-43477 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-11-04 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43322 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-11-04 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43334 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-11-04 | 5.5 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-40822 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | 2.4 Low |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access contacts from the lock screen. | ||||
| CVE-2024-40812 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. | ||||
| CVE-2024-40786 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information. | ||||
| CVE-2019-20462 | 2025-11-04 | 5.3 Medium | ||
| An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used. | ||||
| CVE-2024-40825 | 1 Apple | 2 Macos, Visionos | 2025-11-04 | 6 Medium |
| The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files. | ||||
| CVE-2024-30261 | 3 Fedoraproject, Nodejs, Redhat | 3 Fedora, Undici, Openshift Devspaces | 2025-11-04 | 2.6 Low |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | ||||
| CVE-2025-43309 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2025-11-04 | 2.4 Low |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | ||||
| CVE-2024-45519 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2025-11-04 | 10 Critical |
| The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | ||||