Vulnerabilities (CVE)

Total 95269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-43203 1 Apple 2 Ipados, Iphone Os 2025-09-17 N/A 4.0 MEDIUM
The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.
CVE-2025-43207 1 Apple 1 Macos 2025-09-17 N/A 5.5 MEDIUM
This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
CVE-2025-43208 1 Apple 1 Macos 2025-09-17 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information.
CVE-2025-43231 1 Apple 1 Macos 2025-09-17 N/A 5.5 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
CVE-2025-43262 1 Apple 1 Macos 2025-09-17 N/A 5.1 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. USB Restricted Mode may not be applied to accessories connected during boot.
CVE-2025-43272 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-09-17 N/A 6.5 MEDIUM
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43279 1 Apple 1 Macos 2025-09-17 N/A 6.2 MEDIUM
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
CVE-2025-24133 1 Apple 2 Ipados, Iphone Os 2025-09-17 N/A 4.0 MEDIUM
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26 and iPadOS 26. Keyboard suggestions may display sensitive information on the lock screen.
CVE-2025-24197 1 Apple 1 Macos 2025-09-17 N/A 5.5 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-30468 1 Apple 2 Ipados, Iphone Os 2025-09-17 N/A 6.5 MEDIUM
This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.
CVE-2025-31254 1 Apple 3 Ipados, Iphone Os, Safari 2025-09-17 N/A 5.4 MEDIUM
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.
CVE-2025-31268 1 Apple 1 Macos 2025-09-17 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-52037 1 Exe-system 1 Notescms 2025-09-17 N/A 6.1 MEDIUM
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
CVE-2025-8463 2025-09-17 N/A 5.3 MEDIUM
Authorization Bypass Through User-Controlled Key vulnerability in Nebula Informatics SecHard allows Parameter Injection. This issue requires low privileges such as a user. This issue affects SecHard: before 3.6.2-20250805.
CVE-2025-54467 2025-09-17 N/A 5.3 MEDIUM
When a Java command with password parameters is executed and terminated by NeuVector for a Process rule violation, the password will appear in the NeuVector security event log.
CVE-2025-53884 2025-09-17 N/A 5.3 MEDIUM
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attacks (offline attacks where hashes of known passwords are precomputed).
CVE-2025-10592 2025-09-17 6.5 MEDIUM 6.3 MEDIUM
A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Manipulation of the argument search_field/search_text leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-0879 2025-09-17 N/A 4.7 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside App allows Cross-Site Scripting (XSS). This issue requires high privileges. This issue affects Shopside App: before 17.02.2025.
CVE-2025-8999 2025-09-17 N/A 5.3 MEDIUM
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_modules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate various theme modules.
CVE-2025-0546 2025-09-17 N/A 4.7 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high privileges. This issue affects MevzuatTR: before 12.02.2025.