Total: 285209 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-1428 | | | 2025-03-13 | 7.8 High |
A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
CVE-2025-1427 | | | 2025-03-13 | 7.8 High |
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
CVE-2024-9965 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-03-13 | 8.8 High |
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2024-9042 | | | 2025-03-13 | 5.9 Medium |
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. | ||||
CVE-2024-7211 | 1 1e | 1 Platform | 2025-03-13 | 4.7 Medium |
The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. | ||||
CVE-2024-5840 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | 6.5 Medium |
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-53406 | | | 2025-03-13 | N/A |
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks. | ||||
CVE-2024-51208 | 1 Phpgurukul | 1 Boat Booking System | 2025-03-13 | 7.2 High |
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. | ||||
CVE-2024-4777 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-03-13 | 7.5 High |
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||||
CVE-2024-45334 | 2 Trend Micro Inc, Trendmicro | 2 Antivirus One, Antivirus One | 2025-03-13 | 7.8 High |
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | ||||
CVE-2024-41183 | 1 Trend Micro Inc | 1 Vpn Consumer | 2025-03-13 | 7.8 High |
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges. | ||||
CVE-2024-40779 | 2 Apple, Redhat | 12 Ipados, Iphone Os, Macos and 9 more | 2025-03-13 | 5.5 Medium |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
CVE-2024-36787 | 1 Netgear | 1 Wnr614 Firmware | 2025-03-13 | 8.8 High |
An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | ||||
CVE-2024-35522 | 1 Netgear | 3 Ex3700, Ex3700 Ac750, Ex3700 Firmware | 2025-03-13 | 8.4 High |
Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | ||||
CVE-2024-35517 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2025-03-13 | 8.4 High |
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | ||||
CVE-2024-34577 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2025-03-13 | 4.6 Medium |
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | ||||
CVE-2024-33895 | 1 Hms-networks | 7 Ewon Cosy+ 4g Apac, Ewon Cosy+ 4g Eu, Ewon Cosy+ 4g Jp and 4 more | 2025-03-13 | 6.6 Medium |
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device. | ||||
CVE-2024-33329 | 1 Lumis | 1 Lumis Experience Platform | 2025-03-13 | 7.5 High |
A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. | ||||
CVE-2024-31949 | | | 2025-03-13 | 6.5 Medium |
In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. | ||||
CVE-2024-31869 | 1 Apache | 1 Airflow | 2025-03-13 | 5.3 Medium |
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page. |