Total
29607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28600 | 1 Zoom | 1 Zoom | 2025-01-02 | 5.2 Medium |
| Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. | ||||
| CVE-2022-26905 | 1 Microsoft | 1 Edge Chromium | 2025-01-02 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2024-31491 | 1 Fortinet | 1 Fortisandbox | 2025-01-02 | 8.6 High |
| A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. | ||||
| CVE-2023-48789 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 4.1 Medium |
| A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. | ||||
| CVE-2022-21899 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-01-02 | 5.5 Medium |
| Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | ||||
| CVE-2024-7019 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-7282 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-7281 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-7020 | 1 Google | 1 Chrome | 2025-01-02 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-0104 | 1 Nvidia | 8 Mga100-hs2, Mlnx-gw, Mlnx-os and 5 more | 2024-12-26 | 4.2 Medium |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | ||||
| CVE-2024-0101 | 1 Nvidia | 13 Mellanox Os Firmware, Metro-3 Xc Firmware, Metrox-2 Firmware and 10 more | 2024-12-26 | 7.5 High |
| NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2023-7011 | 1 Google | 1 Chrome | 2024-12-26 | 6.5 Medium |
| Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2020-36700 | 1 King-theme | 1 Page Builder Kingcomposer | 2024-12-23 | 8.8 High |
| The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content. | ||||
| CVE-2023-0583 | 1 Vektor-inc | 1 Vk Blocks | 2024-12-20 | 4.3 Medium |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | ||||
| CVE-2023-0584 | 1 Vektor-inc | 1 Vk Blocks | 2024-12-20 | 4.3 Medium |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | ||||
| CVE-2019-25149 | 1 Robogallery | 1 Gallery Images Ape | 2024-12-20 | 7.6 High |
| The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security. | ||||
| CVE-2024-38304 | 1 Dell | 62 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 59 more | 2024-12-20 | 3.8 Low |
| Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-39584 | 1 Dell | 40 Alienware Area 51m R2, Alienware Area 51m R2 Firmware, Alienware Aurora R13 and 37 more | 2024-12-20 | 8.2 High |
| Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution. | ||||
| CVE-2023-21105 | 1 Google | 1 Android | 2024-12-18 | 5.5 Medium |
| In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568 | ||||
| CVE-2024-25634 | 1 Alf | 1 Alf | 2024-12-18 | 7.2 High |
| alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue. | ||||