Total: 348 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47544 | 1 Siren | 1 Investigate | 2025-04-10 | 9.8 Critical |
| An issue was discovered in Siren Investigate before 12.1.7. Script variable whitelisting is insufficiently sandboxed. | ||||
| CVE-2022-46762 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-26355 | 1 Amd | 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more | 2025-04-09 | 5.5 Medium |
| Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | ||||
| CVE-2023-23589 | 3 Debian, Fedoraproject, Torproject | 3 Debian Linux, Fedora, Tor | 2025-04-07 | 6.5 Medium |
| The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | ||||
| CVE-2023-20919 | 1 Google | 1 Android | 2025-04-02 | 7.8 High |
| In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-252663068 | ||||
| CVE-2025-27665 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code OVE-20230524-0009. | ||||
| CVE-2023-52378 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-29 | 9.8 Critical |
| Vulnerability of incorrect service logic in the WindowManagerServices module. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-42938 | 1 Apple | 1 Itunes | 2025-03-28 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges. | ||||
| CVE-2024-0014 | 1 Google | 1 Android | 2025-03-28 | 8.4 High |
| In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-1671 | 1 Google | 1 Chrome | 2025-03-27 | 6.5 Medium |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2025-03-25 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | ||||
| CVE-2024-38874 | 1 Typo3 | 1 Events2 | 2025-03-24 | 5.4 Medium |
| An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users. | ||||
| CVE-2022-48290 | 1 Huawei | 1 Harmonyos | 2025-03-24 | 9.1 Critical |
| The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | ||||
| CVE-2022-48287 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. | ||||
| CVE-2023-0141 | 1 Google | 1 Chrome | 2025-03-20 | 4.3 Medium |
| Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-5691 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-03-19 | 4.7 Medium |
| By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2023-25765 | 1 Jenkins | 1 Email Extension | 2025-03-19 | 9.9 Critical |
| In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | ||||
| CVE-2022-48219 | 1 Hp | 22 Elite Mini 600 G9 Desktop Pc, Elite Mini 800 G9 Desktop Pc, Elite Sff 600 G9 Desktop Pc and 19 more | 2025-03-19 | 6.4 Medium |
| Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. | ||||
| CVE-2024-0029 | 1 Google | 1 Android | 2025-03-14 | 7.1 High |
| In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||