Total
3098 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13430 | 2025-03-12 | 4.3 Medium | ||
| The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. | ||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-03-12 | 8.2 High |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | ||||
| CVE-2025-24042 | 2025-03-12 | 7.3 High | ||
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-21359 | 2025-03-12 | 7.8 High | ||
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2025-21337 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 3.3 Low |
| Windows NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2025-2219 | 2025-03-12 | 7.3 High | ||
| A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2218 | 2025-03-12 | 5.3 Medium | ||
| A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2216 | 2025-03-12 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-23243 | 2025-03-11 | 6.5 Medium | ||
| NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. | ||||
| CVE-2025-23242 | 2025-03-11 | 7.3 High | ||
| NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. | ||||
| CVE-2024-9157 | 2025-03-11 | 7.8 High | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information. | ||||
| CVE-2025-24076 | 2025-03-11 | 7.3 High | ||
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24994 | 2025-03-11 | 7.3 High | ||
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2022-32902 | 1 Apple | 1 Macos | 2025-03-11 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | ||||
| CVE-2025-26645 | 2025-03-11 | 8.8 High | ||
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2024-43600 | 1 Microsoft | 1 Office | 2025-03-11 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-11 | 7.3 High |
| WmsRepair Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop, Windows 10 1507, Windows 10 1607 and 14 more | 2025-03-11 | 8.4 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2024-49068 | 1 Microsoft | 1 Sharepoint Server | 2025-03-11 | 8.2 High |
| Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| CVE-2024-43594 | 1 Microsoft | 3 System Center 2019, System Center 2022, System Center 2025 | 2025-03-11 | 7.3 High |
| Microsoft System Center Elevation of Privilege Vulnerability | ||||