Total
349 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2157 | 1 Redhat | 1 Satellite | 2025-11-21 | 3.3 Low |
| A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively. | ||||
| CVE-2024-10041 | 2 Linux-pam, Redhat | 3 Linux-pam, Enterprise Linux, Rhel Eus | 2025-11-20 | 4.7 Medium |
| A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | ||||
| CVE-2025-2241 | 1 Redhat | 2 Acm, Multicluster Engine | 2025-11-20 | 8.2 High |
| A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract sensitive credentials even if they do not have direct access to Kubernetes Secrets. This issue can lead to unauthorized VCenter access, cluster management, and privilege escalation. | ||||
| CVE-2025-34189 | 4 Apple, Linux, Printerlogic and 1 more | 6 Macos, Linux Kernel, Vasion Print and 3 more | 2025-11-17 | 7.8 High |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security. | ||||
| CVE-2025-12539 | 1 Wordpress | 1 Wordpress | 2025-11-14 | 10 Critical |
| The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the "Tnc_Wp_Toolbox_Settings::save_settings" function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment. | ||||
| CVE-2023-42913 | 1 Apple | 1 Macos | 2025-11-04 | 8.8 High |
| This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions. | ||||
| CVE-2023-42878 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-11-04 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | ||||
| CVE-2023-42840 | 1 Apple | 1 Macos | 2025-11-04 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data. | ||||
| CVE-2023-42839 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2025-11-04 | 6.2 Medium |
| This issue was addressed with improved state management. This issue is fixed in tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | ||||
| CVE-2023-42823 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 2.7 Low |
| The issue was resolved by sanitizing logging This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23290 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 5.3 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-23241 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2025-11-04 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information. | ||||
| CVE-2024-23232 | 1 Apple | 1 Macos | 2025-11-04 | 3.3 Low |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen. | ||||
| CVE-2024-23217 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | 3.3 Low |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2024-23205 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2025-11-04 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data. | ||||
| CVE-2024-40832 | 1 Apple | 1 Macos | 2025-11-04 | 3.3 Low |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. | ||||
| CVE-2024-40813 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-11-04 | 4.6 Medium |
| A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sensitive user data. | ||||
| CVE-2019-20469 | 2025-11-04 | 4.6 Medium | ||
| An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable. | ||||
| CVE-2025-43203 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-11-04 | 4 Medium |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note. | ||||
| CVE-2024-54504 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | ||||