Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 25667 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-32896 1 Google 1 Android 2024-06-14 N/A 7.8 HIGH
there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-26169 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2024-06-14 N/A 7.8 HIGH
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-22233 1 Vmware 1 Spring Framework 2024-06-14 N/A 7.5 HIGH
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
CVE-2023-51750 2 Microsoft, Scalefusion 2 Windows, Scalefusion 2024-06-12 N/A 4.6 MEDIUM
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
CVE-2022-32933 1 Apple 1 Macos 2024-06-12 N/A 5.3 MEDIUM
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
CVE-2022-48683 1 Apple 1 Macos 2024-06-12 N/A 7.8 HIGH
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.
CVE-2023-40389 1 Apple 1 Macos 2024-06-12 N/A 5.5 MEDIUM
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.
CVE-2024-23299 1 Apple 1 Macos 2024-06-12 N/A 8.6 HIGH
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of its sandbox.
CVE-2024-27792 1 Apple 1 Macos 2024-06-12 N/A 5.5 MEDIUM
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.
CVE-2024-32167 1 Oretnom23 1 Online Medicine Ordering System 2024-06-12 N/A 9.1 CRITICAL
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files.
CVE-2024-37014 1 Langflow 1 Langflow 2024-06-12 N/A 9.8 CRITICAL
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
CVE-2024-31611 1 Seacms 1 Seacms 2024-06-12 N/A 9.1 CRITICAL
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVE-2024-23213 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-06-12 N/A 8.8 HIGH
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.
CVE-2024-23206 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-06-12 N/A 6.5 MEDIUM
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2023-42956 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-06-12 N/A 6.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service.
CVE-2023-42950 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-06-12 N/A 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2023-42890 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-06-12 N/A 8.8 HIGH
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.
CVE-2023-42883 2 Apple, Debian 7 Ipados, Iphone Os, Macos and 4 more 2024-06-12 N/A 5.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.
CVE-2018-15660 1 Olacabs 1 Olamoney 2024-06-11 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix
CVE-2019-1010023 1 Gnu 1 Glibc 2024-06-11 6.8 MEDIUM 8.8 HIGH
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.