Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0141 1 Google 1 Chrome 2025-03-20 4.3 Medium
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-0133 1 Google 2 Android, Chrome 2025-03-20 6.5 Medium
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0132 2 Google, Microsoft 2 Chrome, Windows 2025-03-20 6.5 Medium
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0131 1 Google 1 Chrome 2025-03-20 6.5 Medium
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-0130 1 Google 2 Android, Chrome 2025-03-20 6.5 Medium
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-41564 1 Tibco 2 Hawk, Operational Intelligence Hawk Redtail 2025-03-20 6.8 Medium
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.
CVE-2024-22235 1 Vmware 2 Aria Operations, Cloud Foundation 2025-03-20 6.7 Medium
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2024-31399 1 Cybozu 1 Garoon 2025-03-20 5.3 Medium
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
CVE-2023-25758 1 Onekey 4 Onekey Mini, Onekey Mini Firmware, Onekey Touch and 1 more 2025-03-20 4.2 Medium
Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."
CVE-2024-3174 1 Google 1 Chrome 2025-03-20 8.8 High
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-38970 1 Vaethink 1 Vaethink 2025-03-20 4.9 Medium
vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function.
CVE-2024-5691 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-03-19 4.7 Medium
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2023-42957 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-03-19 3.3 Low
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.
CVE-2023-28452 1 Coredns.io 1 Coredns 2025-03-19 7.5 High
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.
CVE-2023-23458 1 Sunellsecurity 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more 2025-03-19 6.5 Medium
Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.
CVE-2023-24499 1 Butterfly-button Project 1 Butterfly-button 2025-03-19 4.3 Medium
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.
CVE-2023-22938 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-03-19 4.3 Medium
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
CVE-2024-33880 2 Microsoft, Virtosoftware 2 Sharepoint Server, Sharepoint Bulk File Download 2025-03-19 5.3 Medium
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.
CVE-2024-31315 1 Google 1 Android 2025-03-19 5.3 Medium
In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-0034 1 Google 1 Android 2025-03-19 7.8 High
In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.