CVE-2025-3062 - Vulnerability in Drupal Drupal Admin LTE theme. This issue affects Drupal Admin LTE theme: *.*.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3062

CVE-2025-3061 - Vulnerability in Drupal Material Admin. This issue affects Material Admin: *.*.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3061

CVE-2025-3060 - Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile. This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3060

CVE-2025-3059 - Vulnerability in Drupal Profile Private. This issue affects Profile Private: *.*.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3059

CVE-2025-3040 - A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3040

CVE-2025-3039 - A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the argument lname/fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3039

CVE-2025-3038 - A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the argument salary_rate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3038

CVE-2025-3037 - A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-3037

CVE-2025-31194 - An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31194

CVE-2025-31192 - The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31192

CVE-2025-31191 - This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31191

CVE-2025-31188 - A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to bypass Privacy preferences.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31188

CVE-2025-31187 - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31187

CVE-2025-31184 - This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31184

CVE-2025-31183 - The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31183

CVE-2025-31182 - This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31182

CVE-2025-30471 - A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30471

CVE-2025-30470 - A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to read sensitive location information.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30470

CVE-2025-30469 - This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30469

CVE-2025-30467 - The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30467

CVE-2025-30465 - A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30465

CVE-2025-30464 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30464

CVE-2025-30463 - The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30463

CVE-2025-30462 - A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30462

CVE-2025-30461 - An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30461

CVE-2025-30460 - A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30460

CVE-2025-30458 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30458

CVE-2025-30457 - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to create symlinks to protected regions of the disk.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30457

CVE-2025-30456 - A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30456

CVE-2025-30455 - The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30455

CVE-2025-30454 - A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30454

CVE-2025-30452 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An input validation issue was addressed.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30452

CVE-2025-30451 - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30451

CVE-2025-30450 - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30450

CVE-2025-30449 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30449

CVE-2025-30447 - The issue was resolved by sanitizing logging. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30447

CVE-2025-30446 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app with root privileges may be able to modify the contents of system files.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30446

CVE-2025-30444 - A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30444

CVE-2025-30443 - A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30443

CVE-2025-30441 - This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30441

CVE-2025-30439 - The issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An attacker with physical access to a locked device may be able to view sensitive user information.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30439

CVE-2025-30438 - This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30438

CVE-2025-30437 - The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30437

CVE-2025-30435 - This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30435

CVE-2025-30434 - The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30434

CVE-2025-30433 - This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30433

CVE-2025-30432 - A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30432

CVE-2025-30430 - This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30430

CVE-2025-30429 - A path handling issue was addressed with improved validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30429

CVE-2025-30428 - This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30428

CVE-2025-30427 - A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30427

CVE-2025-30426 - This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to enumerate a user's installed apps.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30426

CVE-2025-30425 - This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30425

CVE-2025-30424 - A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose user contact information in system logging.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30424

CVE-2025-24283 - A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24283

CVE-2025-24282 - A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24282

CVE-2025-24281 - This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24281

CVE-2025-24280 - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24280

CVE-2025-24279 - This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24279

CVE-2025-24278 - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24278

CVE-2025-24277 - A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24277

CVE-2025-24276 - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24276

CVE-2025-24273 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24273

CVE-2025-24272 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24272

CVE-2025-24269 - The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24269

CVE-2025-24267 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24267

CVE-2025-24266 - A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24266

CVE-2025-24265 - An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24265

CVE-2025-24264 - The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24264

CVE-2025-24263 - A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24263

CVE-2025-24262 - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24262

CVE-2025-24261 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24261

CVE-2025-24260 - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24260

CVE-2025-24259 - This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24259

CVE-2025-24257 - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24257

CVE-2025-24256 - The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to disclose kernel memory.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24256

CVE-2025-24255 - A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24255

CVE-2025-24254 - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24254

CVE-2025-24253 - This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24253

CVE-2025-24250 - This issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24250

CVE-2025-24249 - A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24249

CVE-2025-24248 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24248

CVE-2025-24247 - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24247

CVE-2025-24246 - An injection issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24246

CVE-2025-24245 - This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24245

CVE-2025-24244 - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24244

CVE-2025-24243 - The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24243

CVE-2025-24242 - This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24242

CVE-2025-24241 - A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24241

CVE-2025-24240 - A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24240

CVE-2025-24239 - A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24239

CVE-2025-24238 - A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain elevated privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24238

CVE-2025-24237 - A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24237

CVE-2025-24236 - An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24236

CVE-2025-24235 - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24235

CVE-2025-24234 - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to gain root privileges.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24234

CVE-2025-24233 - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24233

CVE-2025-24232 - This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24232

CVE-2025-24231 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24231

CVE-2025-24230 - An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination.
31/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-24230

Recently modified advisories

CVE-2025-2963 - A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. This issue affects the function addEditQuestion of the component Legacy Form Block Handler. The manipulation of the argument Question leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2963

CVE-2024-13804 - Vulnerability in Hewlett Packard Enterprise HPE Insight Cluster Management Utility (CMU). This issue affects HPE Insight Cluster Management Utility (CMU): 8.2.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-13804

CVE-2025-2960 - A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2960

CVE-2025-2959 - A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2959

CVE-2025-2954 - A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2954

CVE-2025-2953 - A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2953

CVE-2025-2952 - A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2952

CVE-2025-2951 - A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2951

CVE-2025-1219 - In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1219

CVE-2025-1217 - In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when the HTTP request module parses an HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-1217

CVE-2025-28096 - OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28096

CVE-2025-28094 - ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28094

CVE-2025-28093 - ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28093

CVE-2025-28092 - ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28092

CVE-2025-28091 - maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28091

CVE-2025-28090 - maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28090

CVE-2025-28089 - maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28089

CVE-2025-28087 - Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28087

CVE-2025-25579 - TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25579

CVE-2025-2927 - A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2927

CVE-2025-28256 - An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28256

CVE-2025-31160 - atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-31160

CVE-2025-2787 - KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: 1.13.3 or above, 1.12.4 or above, 1.11.4 or above, 1.10.4 or above.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2787

CVE-2025-30217 - Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known workarounds are available.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-30217

CVE-2025-2732 - A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2732

CVE-2025-2731 - A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2731

CVE-2025-2730 - A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2730

CVE-2025-2729 - A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2729

CVE-2025-2728 - A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2728

CVE-2025-2727 - A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2727

CVE-2025-2726 - A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2726

CVE-2025-2725 - A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2725

CVE-2025-0927 - In the Linux kernel, the following vulnerability has been found: A heap overflow in the hfs and hfsplus filesystems can happen if a user mounts a manually crafted filesystem. At this point in time, it is not fixed in any released kernel version, this is a stop-gap report to notify that kernel.org is now the owner of this CVE id. The Linux kernel CVE team has been assigned CVE-2025-0927 as it was incorrectly created by a different CNA that really should have known better to not have done this to this issue.
31/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-0927

CVE-2025-31101 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS. This issue affects VaultRE Contact Form 7: from n/a through 1.0.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-31101

CVE-2025-31031 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Job Colors for WP Job Manager allows Stored XSS. This issue affects Job Colors for WP Job Manager: from n/a through 1.0.4.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-31031

CVE-2025-2888 - During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2888

CVE-2025-2887 - During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2887

CVE-2025-2886 - Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2886

CVE-2025-2885 - Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2885

CVE-2025-2878 - A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leads to cross site scripting. The attack can be launched remotely. Upgrading to version 13.0.179 is able to address this issue. It is recommended to upgrade the affected component.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2878

CVE-2025-28253 - Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $_POST['sites'], $_POST['clients'], and $_POST['search'] is passed into the MainWP_User::render_table function. Despite using sanitize_text_field and wp_unslash, the values are not adequately protected against HTML or script injection. This flaw could allow an attacker to inject malicious scripts.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28253

CVE-2025-26898 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26898

CVE-2025-26733 - Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26733

CVE-2025-22740 - Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sensei LMS: from n/a through 4.24.4.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-22740

CVE-2025-22739 - Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnPress: from n/a through 4.2.7.5.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-22739

CVE-2024-55070 - A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-55070

CVE-2025-30093 - HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-30093

CVE-2025-29306 - An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29306

CVE-2024-55073 - A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-55073

CVE-2024-55072 - A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-55072