Total
4422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29051 | 1 Open-xchange | 1 Ox App Suite | 2025-11-04 | N/A | 8.1 HIGH |
|
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exp ...
Show More |
|||||
| CVE-2024-40822 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 2.4 LOW |
|
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. An attacker with physical access to a device may be able to access contacts from the lock screen.
|
|||||
| CVE-2024-40812 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.
|
|||||
| CVE-2024-40786 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 7.5 HIGH |
|
This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information.
|
|||||
| CVE-2019-20462 | 2025-11-04 | N/A | 5.3 MEDIUM | ||
|
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.
|
|||||
| CVE-2024-40825 | 1 Apple | 2 Macos, Visionos | 2025-11-04 | N/A | 4.4 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.
|
|||||
| CVE-2024-30261 | 2 Fedoraproject, Nodejs | 2 Fedora, Undici | 2025-11-04 | N/A | 2.6 LOW |
|
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
|
|||||
| CVE-2025-43309 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-04 | N/A | 2.4 LOW |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
|
|||||
| CVE-2025-61113 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as device identifiers and birthdays) and access private group information, including join credentials. Successful exploitation may result in privacy breaches and unauthorized access to restricted resources.
|
|||||
| CVE-2025-61114 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the user_token, enabling attackers to brute force tokens and perform unauthorized queries on other user accounts. Successful exploitation could result in privacy breaches and unauthorized access to user data.
|
|||||
| CVE-2025-61115 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication, allowing attackers to bypass login checks and obtain valid session identifiers. Successful exploitation could result in unauthorized account access, privacy breaches, and misuse of the platform.
|
|||||
| CVE-2025-61116 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be manipulated by attackers to gain unauthorized access to user accounts. Successful exploitation could result in account compromise, privacy breaches, and misuse of the platform.
|
|||||
| CVE-2025-43027 | 2025-11-04 | N/A | 9.8 CRITICAL | ||
|
A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.
|
|||||
| CVE-2025-61118 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data and groups. Successful exploitation could result in fake account creation, privacy breaches, and misuse of the platform.
|
|||||
| CVE-2025-61119 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful exploitation could result in privacy breaches, unauthorized group access, and misuse of the platform.
|
|||||
| CVE-2025-63422 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request.
|
|||||
| CVE-2025-61120 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force account logins feasible. Successful exploitation could result in account compromise, privacy breaches, and abuse of cloud resources.
|
|||||
| CVE-2025-61117 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl.senza), developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful exploitation could result in unauthorized account access, privacy breaches, and misuse of the platform.
|
|||||
| CVE-2025-63423 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 was discovered to store the Administrator password.
|
|||||
| CVE-2025-29270 | 2025-11-04 | N/A | 10.0 CRITICAL | ||
|
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
|
|||||
| CVE-2025-43332 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.2 MEDIUM |
|
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.
|
|||||
| CVE-2025-43321 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
The issue was resolved by blocking unsigned services from launching on Intel Macs. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data.
|
|||||
| CVE-2025-43319 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data.
|
|||||
| CVE-2025-43317 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43315 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access user-sensitive data.
|
|||||
| CVE-2025-43308 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.3 MEDIUM |
|
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-43305 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. A malicious app may be able to access private information.
|
|||||
| CVE-2025-43291 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2025-43285 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data.
|
|||||
| CVE-2025-31269 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to access protected user data.
|
|||||
| CVE-2025-31268 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data.
|
|||||
| CVE-2025-24197 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access sensitive user data.
|
|||||
| CVE-2024-8805 | 1 Bluez | 1 Bluez | 2025-11-03 | N/A | 8.8 HIGH |
|
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code ...
Show More |
|||||
| CVE-2025-31187 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
|
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
|
|||||
| CVE-2025-30462 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
|
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.
|
|||||
| CVE-2025-30460 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.4 HIGH |
|
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
|
|||||
| CVE-2025-30450 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
|
|||||
| CVE-2025-30438 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | N/A | 5.5 MEDIUM |
|
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
|
|||||
| CVE-2025-30433 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-03 | N/A | 9.8 CRITICAL |
|
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
|
|||||
| CVE-2025-30425 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-03 | N/A | 4.3 MEDIUM |
|
This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.
|
|||||