Total
319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40859 | 1 Apple | 1 Macos | 2025-03-25 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
| CVE-2024-27795 | 1 Apple | 1 Macos | 2025-03-25 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet. | ||||
| CVE-2022-48296 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 5.3 Medium |
| The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | ||||
| CVE-2022-48295 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | ||||
| CVE-2022-48301 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | ||||
| CVE-2024-40770 | 1 Apple | 1 Macos | 2025-03-24 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | ||||
| CVE-2024-28746 | 1 Apache | 1 Airflow | 2025-03-20 | 8.1 High |
| Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability | ||||
| CVE-2024-44188 | 1 Apple | 1 Macos | 2025-03-19 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||||
| CVE-2024-27858 | 1 Apple | 1 Macos | 2025-03-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||||
| CVE-2024-40831 | 1 Apple | 1 Macos | 2025-03-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library. | ||||
| CVE-2024-1726 | 1 Redhat | 1 Quarkus | 2025-03-15 | 5.3 Medium |
| A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. | ||||
| CVE-2024-44193 | 1 Apple | 1 Itunes | 2025-03-13 | 8.4 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2023-52542 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 6.5 Medium |
| Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-56192 | 2025-03-12 | 7.8 High | ||
| In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-56191 | 2025-03-12 | 8.4 High | ||
| In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-25711 | 2025-03-12 | 8.8 High | ||
| An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint | ||||
| CVE-2023-25812 | 1 Minio | 1 Minio | 2025-03-10 | 6.5 Medium |
| Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-22738 | 1 Vantage6 | 1 Vantage6 | 2025-03-06 | 6.3 Medium |
| vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0. | ||||
| CVE-2024-56973 | 2025-02-28 | 9.8 Critical | ||
| Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. | ||||
| CVE-2025-0914 | 2025-02-27 | 3.8 Low | ||
| An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4. | ||||