Total
2480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27933 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 5.4 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public | |||||
| CVE-2025-30179 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries. | |||||
| CVE-2025-24920 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels | |||||
| CVE-2023-24029 | 1 Progress | 1 Ws Ftp Server | 2025-03-26 | N/A | 7.2 HIGH |
| In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | |||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 4.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | |||||
| CVE-2023-52538 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 9.1 CRITICAL |
| Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-40530 | 2025-03-24 | N/A | 7.5 HIGH | ||
| A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. | |||||
| CVE-2024-44305 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges. | |||||
| CVE-2025-24099 | 1 Apple | 1 Macos | 2025-03-24 | N/A | 5.1 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges. | |||||
| CVE-2024-44136 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-22 | N/A | 4.6 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection. | |||||
| CVE-2024-2098 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 7.5 HIGH |
| The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files. | |||||
| CVE-2025-27138 | 1 Dataease | 1 Dataease | 2025-03-21 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | |||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2025-03-20 | N/A | 6.5 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | |||||
| CVE-2024-36265 | 1 Apache | 1 Submarine | 2025-03-19 | N/A | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-57032 | 1 Wegia | 1 Wegia | 2025-03-19 | N/A | 9.8 CRITICAL |
| WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. | |||||
| CVE-2023-24485 | 1 Citrix | 1 Workspace | 2025-03-19 | N/A | 7.8 HIGH |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | |||||
| CVE-2025-25040 | 2025-03-18 | N/A | 3.3 LOW | ||
| A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability. | |||||
| CVE-2023-23064 | 1 Totolink | 2 A720r, A720r Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. | |||||
| CVE-2021-32163 | 1 Linuxfoundation | 1 Modular Open Smart Network | 2025-03-18 | N/A | 9.8 CRITICAL |
| Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | |||||