Total
3984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20397 | 2025-04-08 | 5.2 Medium | ||
| A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. | ||||
| CVE-2025-2993 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2995 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2996 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-22903 | 1 Librephotos Project | 1 Librephotos | 2025-04-07 | 9.8 Critical |
| api/views/user.py in LibrePhotos before e19e539 has incorrect access control. | ||||
| CVE-2024-53573 | 1 Changeweb | 1 Unifiedtransform | 2025-04-07 | 9.8 Critical |
| Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}. | ||||
| CVE-2025-3324 | 1 Godcheese | 1 Nimrod | 2025-04-07 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-6221 | 1 Corydolphin | 1 Flask-cors | 2025-04-07 | 7.5 High |
| A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. | ||||
| CVE-2025-2992 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.3 Medium |
| A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2994 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3169 | 2025-04-07 | 5 Medium | ||
| A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web." | ||||
| CVE-2025-31484 | 2025-04-07 | N/A | ||
| conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found. | ||||
| CVE-2025-2989 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2991 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.3 Medium |
| A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2990 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30425 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-07 | 4.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode. | ||||
| CVE-2025-30433 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-07 | 9.8 Critical |
| This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. | ||||
| CVE-2025-24193 | 1 Apple | 2 Ipados, Iphone Os | 2025-04-07 | 2.4 Low |
| This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos. | ||||
| CVE-2025-24198 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-07 | 6.6 Medium |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access may be able to use Siri to access sensitive user data. | ||||
| CVE-2025-24202 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-07 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | ||||