Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5691 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-03-19 | N/A | 4.7 MEDIUM |
| By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2023-25765 | 1 Jenkins | 1 Email Extension | 2025-03-19 | N/A | 9.9 CRITICAL |
| In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2024-0029 | 1 Google | 1 Android | 2025-03-14 | N/A | 7.8 HIGH |
| In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-33150 | 1 Microsoft | 3 365 Apps, Office, Word | 2025-02-28 | N/A | 9.6 CRITICAL |
| Microsoft Office Security Feature Bypass Vulnerability | |||||
| CVE-2021-31982 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-38157 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-29354 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 4.7 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-28286 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.1 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2023-28284 | 1 Microsoft | 1 Edge | 2025-02-28 | N/A | 4.3 MEDIUM |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2024-13794 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-02-25 | N/A | 5.3 MEDIUM |
| The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location. | |||||
| CVE-2023-21024 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238 | |||||
| CVE-2023-4039 | 1 Gnu | 1 Gcc | 2025-02-13 | N/A | 4.8 MEDIUM |
| **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. | |||||
| CVE-2022-33942 | 1 Intel | 1 Data Center Manager | 2025-02-05 | N/A | 8.8 HIGH |
| Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2021-33081 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2025-02-05 | N/A | 7.9 HIGH |
| Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33079 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2025-02-05 | N/A | 4.1 MEDIUM |
| Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2025-21217 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 6.5 MEDIUM |
| Windows NTLM Spoofing Vulnerability | |||||
| CVE-2025-21211 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-27 | N/A | 6.8 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2025-21276 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 7.5 HIGH |
| Windows MapUrlToZone Denial of Service Vulnerability | |||||
| CVE-2025-0575 | 2025-01-19 | 3.4 LOW | 3.9 LOW | ||
| A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11734 | 2025-01-14 | N/A | 6.5 MEDIUM | ||
| A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request. | |||||