Export limit exceeded: 335532 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7707 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24169 | 1 Apple | 2 Macos, Safari | 2025-11-03 | 7.5 High |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication. | ||||
| CVE-2025-24145 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-03 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs. | ||||
| CVE-2025-24136 | 1 Apple | 1 Macos | 2025-11-03 | 4.4 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
| CVE-2025-24104 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2025-24103 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data. | ||||
| CVE-2024-53832 | 2025-11-03 | 4.6 Medium | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. | ||||
| CVE-2025-54798 | 1 Raszi | 2 Node-tmp, Tmp | 2025-11-03 | 2.5 Low |
| tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||||
| CVE-2025-52936 | 2025-11-03 | N/A | ||
| Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2. | ||||
| CVE-2025-43252 | 1 Apple | 2 Macos, Macos Sequoia | 2025-11-03 | 6.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks. | ||||
| CVE-2025-43225 | 1 Apple | 5 Ipados, Macos, Macos Sequoia and 2 more | 2025-11-03 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to access sensitive user data. | ||||
| CVE-2025-43220 | 1 Apple | 5 Ipados, Macos, Macos Sequoia and 2 more | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data. | ||||
| CVE-2025-31213 | 1 Apple | 2 Ipados, Macos | 2025-11-03 | 7.6 High |
| A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain. | ||||
| CVE-2025-27650 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. | ||||
| CVE-2025-27648 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003. | ||||
| CVE-2024-51058 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | 6.2 Medium |
| Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information. | ||||
| CVE-2024-12905 | 1 Redhat | 2 Openshift Devspaces, Rhdh | 2025-11-03 | 7.5 High |
| An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. | ||||
| CVE-2022-41859 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-11-03 | 7.5 High |
| In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. | ||||
| CVE-2021-32050 | 1 Mongodb | 5 C\+\+, C Driver, Node.js and 2 more | 2025-11-03 | 4.2 Medium |
| Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). | ||||
| CVE-2021-28216 | 1 Tianocore | 1 Edk Ii | 2025-11-03 | 7.8 High |
| BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | ||||
| CVE-2025-9964 | 1 Novakon | 1 P Series | 2025-11-03 | N/A |
| No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2. | ||||