Total: 31934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-52715 | 1 Huawei | 1 Harmonyos | 2025-03-28 | N/A | 7.5 HIGH |
The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2023-49930 | 1 Couchbase | 1 Couchbase Server | 2025-03-28 | N/A | 9.8 CRITICAL |
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted. | |||||
CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | N/A | 9.8 CRITICAL |
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
CVE-2024-1279 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-03-28 | N/A | 4.3 MEDIUM |
The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent users with at least the contributor role from leaking other users' sensitive metadata. | |||||
CVE-2025-0625 | 1 Campcodes | 1 School Management Software | 2025-03-28 | N/A | N/A |
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-25765 | 1 Mrcms | 1 Mrcms | 2025-03-28 | N/A | N/A |
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do. | |||||
CVE-2024-1547 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-03-28 | N/A | 6.5 MEDIUM |
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | |||||
CVE-2025-2280 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | N/A |
Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature. | |||||
CVE-2025-2278 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | N/A |
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID. | |||||
CVE-2024-5072 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | N/A |
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and earlier allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request. | |||||
CVE-2024-11671 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | N/A |
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | |||||
CVE-2024-1901 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | N/A |
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable. | |||||
CVE-2024-1764 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | N/A |
Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances. | |||||
CVE-2025-1635 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | N/A |
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic. | |||||
CVE-2025-1636 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | N/A |
Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic. | |||||
CVE-2024-2918 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | N/A |
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request. | |||||
CVE-2022-48116 | 1 Ayacms Project | 1 Ayacms | 2025-03-28 | N/A | 7.2 HIGH |
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | |||||
CVE-2022-46357 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||
CVE-2022-46356 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | |||||
CVE-2022-46358 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. |