83 CVEs tracked today. 8 Critical, 29 High, 38 Medium, 7 Low.
-
CVE-2025-24813
CRITICAL
CVSS 9.8
A path equivalence vulnerability in Apache Tomcat's Default Servlet lets an unauthenticated attacker use a partial PUT with a filename containing an internal dot to write content where it is not meant to go. On its own that yields disclosure of, or injection into, other uploaded files; it becomes remote code execution when the application also uses Tomcat's file-based session persistence in the default location and has a deserialization-exploitable library on the classpath. Exploitation requires writes to be enabled for the Default Servlet (readonly=false, which is not the default) and partial PUT support (enabled by default). With an EPSS of 94% and active exploitation in the wild, this is one of the most dangerous Tomcat vulnerabilities in recent years. Affected: 9.0.0 through 9.0.98, 10.1.0 through 10.1.34, and 11.0.0 through 11.0.2; fixed in 9.0.99, 10.1.35 and 11.0.3.
Apache
RCE
Information Disclosure
Redhat
Suse
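The fastest triage for CVE-2025-24813 is not a scanner but three configuration facts: the Tomcat version, whether the Default Servlet is writable (`readonly`) with partial PUT left on (`allowPartialPut`), and whether sessions are persisted to disk. The script below is an added example, not Tomcat code; the two XML fragments are constructed samples, and the branch-to-fix mapping comes from the Apache advisory. `readonly` and `allowPartialPut` are real DefaultServlet init-params; `PersistentManager` and `FileStore` are the real Tomcat class names.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not from any real deployment: a conf/web.xml that switched the
# Default Servlet to writable, and a context.xml that enables file-based session
# persistence. Both are non-default choices that this CVE needs.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

SAMPLE_CONTEXT_XML = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""

# First fixed release on each affected branch, per the Apache advisory.
FIXED_IN = {9: (9, 0, 99), 10: (10, 1, 35), 11: (11, 0, 3)}


def parse_version(version):
    """'9.0.98' -> (9, 0, 98). A milestone suffix such as '-M1' is dropped."""
    core = version.split("-")[0]
    return tuple(int(p) for p in core.split(".")[:3])


def version_vulnerable(version):
    """True for a release on an affected branch that predates its fix.
    Branches the advisory does not list (e.g. the EOL 8.5 line) are not assessed."""
    v = parse_version(version)
    return v[0] in FIXED_IN and v < FIXED_IN[v[0]]


def default_servlet_params(web_xml):
    """init-params of the DefaultServlet entry, whatever namespace web.xml declares."""
    root = ET.fromstring(web_xml)
    for servlet in root.iterfind(".//{*}servlet"):
        cls = servlet.findtext("{*}servlet-class") or ""
        if cls.strip().endswith(".DefaultServlet"):
            return {
                (p.findtext("{*}param-name") or "").strip(): (p.findtext("{*}param-value") or "").strip()
                for p in servlet.iterfind(".//{*}init-param")
            }
    return {}


def uses_file_session_store(context_xml):
    """True if sessions are persisted with PersistentManager + FileStore."""
    root = ET.fromstring(context_xml)
    for manager in root.iterfind(".//Manager"):
        if manager.get("className", "").endswith(".PersistentManager"):
            if any(s.get("className", "").endswith(".FileStore") for s in manager.iterfind(".//Store")):
                return True
    return False


def assess(version, web_xml, context_xml):
    """'patched', 'not_reachable', 'file_write' (disclosure/injection of uploads)
    or 'rce_path' (file write plus on-disk sessions to deserialize)."""
    if not version_vulnerable(version):
        return "patched"
    params = default_servlet_params(web_xml)
    writable = params.get("readonly", "true").lower() == "false"            # Tomcat default: true
    partial_put = params.get("allowPartialPut", "true").lower() != "false"  # Tomcat default: true
    if not (writable and partial_put):
        return "not_reachable"
    return "rce_path" if uses_file_session_store(context_xml) else "file_write"
```

Run it against the real `conf/web.xml` and `conf/context.xml` (plus any per-application `META-INF/context.xml`, which can also declare a Manager). A `not_reachable` result is a reason to patch on the normal schedule, not a reason to skip it: the writable-servlet condition is one config change away.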
-
CVE-2025-26936
CRITICAL
CVSS 10.0
Fresh Framework for WordPress (through 1.70.0) contains a code injection vulnerability that allows unauthenticated attackers to execute arbitrary code with scope change, achieving maximum impact on confidentiality, integrity, and availability.
WordPress
PHP
Code Injection
RCE
-
CVE-2025-26916
CRITICAL
CVSS 9.0
The Massive Dynamic WordPress theme (through 8.2) by EPC is vulnerable to PHP Remote File Inclusion via an improperly controlled include/require statement. Although the attack complexity is high, successful exploitation allows unauthenticated remote code execution with scope change.
PHP
-
CVE-2025-25977
CRITICAL
CVSS 9.8
canvg 4.0.2 is vulnerable to arbitrary code execution through prototype pollution in the StyleElement class constructor. An attacker can exploit this to execute code in environments that process SVG content with canvg. A PoC exists with no patch available.
RCE
Code Injection
Redhat
-
CVE-2025-25940
CRITICAL
CVSS 9.8
VisiCut 2.1 allows remote code execution through insecure XML deserialization in the loadPlfFile method. An attacker who can supply a crafted PLF file can execute arbitrary Java code on the victim's machine. A public PoC exploit exists and no patch is available.
Java
-
CVE-2025-25306
CRITICAL
CVSS 9.3
Misskey, a federated social media platform, has an incomplete fix for CVE-2024-52591 that allows ActivityPub object forgery. An attacker can claim authority in the URL field even when the protocol requires authority in the ID field, enabling spoofing of federated content. Fixed in 2025.2.1.
RCE
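The rule the Misskey entry is about is simple to state: in ActivityPub the `id` of an object carries its authority, and it must belong to the host the object was fetched from; `url` is presentation metadata and grants nothing. The check below is an added example of that rule, not Misskey's code; the two objects are constructed, and holding `attributedTo` to the same origin as `id` is a conservative choice of this example rather than a protocol requirement.

```python
from urllib.parse import urlparse

# Constructed objects, not real Misskey traffic. FORGED claims an id on a host other
# than the one serving it. DECORATED has a legitimate id and merely points `url` at a
# foreign host, which must not be enough to borrow that host's authority.
FORGED = {"id": "https://victim.example/notes/42", "type": "Note",
          "url": "https://victim.example/@alice/42", "content": "forged"}
DECORATED = {"id": "https://attacker.example/notes/7", "type": "Note",
             "url": "https://victim.example/@alice/7",
             "attributedTo": "https://attacker.example/users/mallory"}


def host_of(uri):
    """Lower-cased host of an https URI, or None for anything else (http, data:, relative)."""
    p = urlparse(uri)
    return p.hostname.lower() if p.scheme == "https" and p.hostname else None


def accept_object(fetched_from, obj):
    """Return (accepted, authority_host_or_reason).

    Authority comes from `id` and must match the host the object was served by;
    `url` is never consulted. A rejected object may be re-fetched from its own id
    host by the caller; it must not be stored under the claimed authority as-is.
    """
    obj_id = obj.get("id")
    if not isinstance(obj_id, str):
        return False, "missing id"
    id_host = host_of(obj_id)
    if id_host is None:
        return False, "id is not an https URI"
    if id_host != host_of(fetched_from):
        return False, f"id claims {id_host} but object was served by {host_of(fetched_from)}"
    author = obj.get("attributedTo")
    if isinstance(author, str) and host_of(author) != id_host:   # example's same-origin assumption
        return False, "attributedTo on a different host than id"
    return True, id_host
```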
-
CVE-2025-1945
CRITICAL
CVSS 9.8
PickleScan before 0.0.23 can be bypassed by flipping specific ZIP file header flag bits, allowing malicious pickle files to evade detection inside PyTorch model archives. An attacker can embed arbitrary code execution payloads that PickleScan misses but PyTorch's torch.load() still processes. A proof-of-concept exists and a patch is available in version 0.0.23.
Authentication Bypass
Deserialization
RCE
Pytorch
AI / ML
-
CVE-2025-1497
CRITICAL
CVSS 9.8
PlotAI is vulnerable to remote code execution because it executes LLM-generated Python code without validation. The vendor has acknowledged the flaw by commenting out the vulnerable line but does not plan to release a formal patch, leaving users who re-enable the feature at risk.
Python
RCE
-
CVE-2025-27925
HIGH
CVSS 8.5
Nintex Automation 5.6 and 5.7 (versions up to 5.8) are affected by deserialization of untrusted data (CVSS 8.5).
Deserialization
-
CVE-2025-27913
HIGH
CVSS 7.5
Passbolt API before 5, if the server is misconfigured (an incorrect installation process and disregard of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header. [CVSS 7.5 HIGH]
Information Disclosure
-
CVE-2025-27910
HIGH
CVSS 8.0
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. [CVSS 8.0 HIGH]
CSRF
RCE
-
CVE-2025-27616
HIGH
CVSS 8.5
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the e...
Linux
RCE
Suse
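The Vela entry describes the general failure mode of webhook receivers: a request that looks like the SCM's delivery is trusted on the strength of its headers and body alone. The receiver below is an added example of the three controls that close that gap, not Vela's fix: an HMAC over the raw body compared in constant time, a check that the repository named in the payload is the one this endpoint was registered for (so a valid event for repo A can never act on repo B), and a delivery-id replay cache. The GitHub-style header names, secret and payloads are assumptions of the example.

```python
import hashlib
import hmac
import json

# Constructed per-installation secret; in practice one secret per registered repo.
WEBHOOK_SECRET = b"rotate-me-per-installation"
SEEN_DELIVERIES = set()   # replay cache; a real receiver would bound and expire it


def sign(body, secret=WEBHOOK_SECRET):
    """'sha256=' + hex HMAC-SHA256 over the raw request bytes (GitHub's X-Hub-Signature-256 shape)."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def make_body(full_name, action="push"):
    """Constructed payload builder so the example runs without an SCM."""
    return json.dumps({"action": action, "repository": {"full_name": full_name}}).encode()


def verify_webhook(headers, body, route_repo, secret=WEBHOOK_SECRET):
    """Return (accepted, reason). Order matters: authenticate the bytes first, then
    bind the event to the repo the endpoint belongs to, then reject replays."""
    sig = headers.get("X-Hub-Signature-256", "")
    if not hmac.compare_digest(sig, sign(body, secret)):
        return False, "bad signature"
    try:
        full_name = json.loads(body)["repository"]["full_name"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed payload"
    if full_name != route_repo:
        # The spoofing case: a signed-looking event whose body names another repo.
        return False, f"payload names {full_name}, endpoint is for {route_repo}"
    delivery = headers.get("X-GitHub-Delivery")
    if not delivery or delivery in SEEN_DELIVERIES:
        return False, "missing or replayed delivery id"
    SEEN_DELIVERIES.add(delivery)
    return True, "ok"
```

Ownership transfers and secret moves should additionally be confirmed against the SCM API rather than taken from the event body, since the body is attacker-shaped input even when the signature is valid for some repository.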
-
CVE-2025-27615
HIGH
CVSS 8.2
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. Its user interface may be publicly accessible when deployed with the docker-compose file umatiGateway provides. [CVSS 8.2 HIGH]
Docker
-
CVE-2025-27610
HIGH
CVSS 7.5
Rack provides an interface for developing web applications in Ruby. Versions before 2.2.13 are affected by a path traversal in Rack::Static that can expose files outside the configured document root; the fix also shipped as 3.0.14 and 3.1.12 for the 3.x branches (CVSS 7.5).
Path Traversal
Redhat
Suse
-
CVE-2025-27256
HIGH
CVSS 8.3
The GE Vernova EnerVista UR Setup application is affected by missing authentication for a critical function (CVSS 8.3).
Authentication Bypass
-
CVE-2025-27255
HIGH
CVSS 8.0
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code. [CVSS 8.0 HIGH]
Privilege Escalation
-
CVE-2025-27254
HIGH
CVSS 8.0
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. [CVSS 8.0 HIGH]
Windows
Authentication Bypass
-
CVE-2025-26933
HIGH
CVSS 7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7. [CVSS 7.5 HIGH]
PHP
-
CVE-2025-26696
HIGH
CVSS 7.0
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. [CVSS 7.0 HIGH]
Mozilla
Authentication Bypass
Redhat
Suse
Thunderbird
-
CVE-2025-25907
HIGH
CVSS 8.8
tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. [CVSS 8.8 HIGH]
CSRF
RCE
-
CVE-2025-25614
HIGH
CVSS 8.8
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. [CVSS 8.8 HIGH]
Privilege Escalation
-
CVE-2025-25382
HIGH
CVSS 7.5
The Property Tax Payment Portal in Kerala's SANCHAYA system (version 3.0.4) lets attackers change payment amounts in forged requests, potentially paying less tax than owed. This affects anyone using this government portal to pay property taxes in Kerala, India. An attacker could exploit this to reduce their own tax payments or cause financial loss to the government by manipulating transaction amounts.
Information Disclosure
-
CVE-2025-22603
HIGH
CVSS 8.1
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contain a server-side request forgery (SSRF) vulnerability inside the component (or block) `Send Web Request`. [CVSS 8.1 HIGH]
SSRF
-
CVE-2025-2137
HIGH
CVSS 8.8
Out-of-bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page (CVSS 8.8).
Chrome
Suse
Google
-
CVE-2025-2136
HIGH
CVSS 8.8
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVSS 8.8).
Chrome
Suse
Google
-
CVE-2025-2135
HIGH
CVSS 8.8
Type confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVSS 8.8).
Chrome
Suse
Google
-
CVE-2025-1920
HIGH
CVSS 8.8
Type confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (CVSS 8.8).
Chrome
Suse
Google
-
CVE-2024-56192
HIGH
CVSS 7.8
In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
Buffer Overflow
Privilege Escalation
-
CVE-2024-56191
HIGH
CVSS 8.4
In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Privilege Escalation
Integer Overflow
-
CVE-2024-54546
HIGH
CVSS 7.5
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. [CVSS 7.5 HIGH]
Linux
macOS
Apple
-
CVE-2024-44227
HIGH
CVSS 7.5
The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 7.5 HIGH]
Linux
Denial Of Service
Apple
macOS
iOS
-
CVE-2024-43107
HIGH
CVSS 7.2
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. [CVSS 7.2 HIGH]
Authentication Bypass
-
CVE-2024-41724
HIGH
CVSS 8.7
Improper certificate validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all Gallagher Command Centre versions up to 9.20.1043 (CVSS 8.7).
Authentication Bypass
-
CVE-2024-13919
HIGH
CVSS 8.0
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. [CVSS 8.0 HIGH]
XSS
-
CVE-2024-13918
HIGH
CVSS 8.0
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. [CVSS 8.0 HIGH]
XSS
-
CVE-2024-11638
HIGH
CVSS 8.8
The Gtbabel WordPress plugin before version 6.6.9 fails to validate that analyzed URLs belong to the legitimate website, allowing attackers to trick users into visiting malicious links that steal their login cookies. This affects any WordPress site running the vulnerable plugin version. An attacker could craft a specially designed URL that, when clicked by an admin or logged-in user, exposes their session cookies, potentially giving the attacker full account access.
WordPress
-
CVE-2022-43454
HIGH
CVSS 7.8
A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. [CVSS 7.8 HIGH]
Linux
Denial Of Service
macOS
iOS
Apple
-
CVE-2025-27926
MEDIUM
CVSS 4.3
Nintex Automation 5.6 and 5.7 (versions up to 5.8) are affected by incorrect default permissions (CVSS 4.3).
Privilege Escalation
-
CVE-2025-27924
MEDIUM
CVSS 5.4
Nintex Automation 5.6 and 5.7 (versions up to 5.8) are affected by cross-site scripting (XSS) (CVSS 5.4).
XSS
-
CVE-2025-27257
MEDIUM
CVSS 6.1
GE Vernova UR IED family devices are affected by insufficient verification of data authenticity (CVSS 6.1).
RCE
-
CVE-2025-27253
MEDIUM
CVSS 6.1
GE Vernova UR IED devices (versions 7.0-8.60) have a flaw that lets attackers control network settings without proper validation, specifically allowing them to set up unauthorized port forwarding connections. This could let an attacker bypass firewall protections and send harmful traffic across the network. The vulnerability affects industrial control systems used in power generation and distribution environments.
Authentication Bypass
-
CVE-2025-26910
MEDIUM
CVSS 6.1
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1. [CVSS 7.1 HIGH]
XSS
CSRF
-
CVE-2025-26695
MEDIUM
CVSS 5.3
When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. [CVSS 5.3 MEDIUM]
Mozilla
Information Disclosure
Redhat
Suse
Thunderbird
-
CVE-2025-25908
MEDIUM
CVSS 5.4
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2025-25620
MEDIUM
CVSS 5.4
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2025-25616
MEDIUM
CVSS 4.3
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. [CVSS 4.3 MEDIUM]
Authentication Bypass
-
CVE-2025-24387
MEDIUM
CVSS 4.8
A vulnerability in OTRS Application Server allows session hijacking because the authentication cookie is set without the attributes a sensitive cookie needs on HTTPS sessions. A request to an OTRS endpoint triggered from a malicious web site would therefore carry the authentication cookie and perform an unwanted read operation. [CVSS 4.8 MEDIUM]
Information Disclosure
Suse
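The OTRS issue is the generic "session cookie without Secure, HttpOnly and a restrictive SameSite" finding, and it is cheap to check from captured response headers. The auditor below is an added example, not OTRS code; the four Set-Cookie values are constructed, and the name pattern used to decide which cookies count as sensitive is this example's heuristic.

```python
import re

# Constructed Set-Cookie header values, not captured from OTRS or any other product.
SAMPLE_HEADERS = [
    "OTRSAgentInterface=abc123; Path=/otrs/",
    "OTRSAgentInterface=abc123; Path=/otrs/; Secure; HttpOnly; SameSite=Lax",
    "sid=xyz; Path=/; SameSite=None",
    "theme=dark; Path=/",
]

# Heuristic (an assumption of this example): cookie names that usually carry a session.
SENSITIVE = re.compile(r"(sess|sid|auth|token|interface)", re.I)


def parse_set_cookie(header):
    """One Set-Cookie value -> (cookie name, {attribute_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.lower()] = v
    return name, attrs


def audit_set_cookie(header, over_https=True):
    """Findings for one header. Each one maps to a concrete attack the attribute blocks."""
    name, attrs = parse_set_cookie(header)
    findings = []
    sensitive = bool(SENSITIVE.search(name))
    samesite = attrs.get("samesite", "").lower()
    if sensitive and over_https and "secure" not in attrs:
        findings.append("missing Secure: cookie also travels over plain http")
    if sensitive and "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by script, so any XSS becomes session theft")
    if sensitive and samesite not in ("lax", "strict"):
        findings.append("SameSite absent or None: sent on cross-site requests, enabling the forced-read case")
    if samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: browsers reject or downgrade this cookie")
    return name, findings


def audit_all(headers, over_https=True):
    """[(cookie name, findings)] in header order, empty findings meaning the header is fine."""
    return [audit_set_cookie(h, over_https) for h in headers]
```

Feed it the `Set-Cookie` lines from a login response (one value per line) and fix every non-empty entry at the application or reverse proxy; the second sample shows the shape a session cookie should have.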
-
CVE-2025-2153
MEDIUM
CVSS 5.0
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. [CVSS 5.0 MEDIUM]
Buffer Overflow
Suse
-
CVE-2025-2152
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. [CVSS 6.3 MEDIUM]
Buffer Overflow
Suse
-
CVE-2025-2151
MEDIUM
CVSS 6.3
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. [CVSS 6.3 MEDIUM]
Buffer Overflow
Suse
-
CVE-2025-2150
MEDIUM
CVSS 5.4
The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2025-2148
MEDIUM
CVSS 5.0
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. [CVSS 5.0 MEDIUM]
Buffer Overflow
Pytorch
AI / ML
-
CVE-2025-2147
MEDIUM
CVSS 5.3
A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. It has been classified as problematic. [CVSS 5.3 MEDIUM]
Information Disclosure
-
CVE-2025-1944
MEDIUM
CVSS 6.5
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise a BadZipFile error. However, PyTorch's more forgiving ZIP implementation still allows the mod...
Denial Of Service
Authentication Bypass
Pytorch
AI / ML
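CVE-2025-1944 and CVE-2025-1945 are the same design flaw seen twice: a scanner that reads a model archive with a strict ZIP parser and a loader that reads it with a lenient one disagree, and whatever the scanner cannot read it ends up not scanning. The example below is added code, not picklescan's or PyTorch's: it builds a tiny torch-style archive around a constructed pickle, reproduces the local-header/central-directory name mismatch from CVE-2025-1944, shows that the stdlib reader rejects it while an offset-trusting reader still returns the payload, and then scans the archive the way a hardened scanner should, treating any header disagreement as a finding instead of an error to skip. The pickle is only ever parsed with `pickletools`, never loaded.

```python
import io
import pickletools
import struct
import zipfile
import zlib

# Constructed payload: a protocol-0 pickle that would call os.system("echo pwned")
# if unpickled. It is only ever handed to pickletools here, never to pickle.loads.
MALICIOUS_PICKLE = b'cos\nsystem\n(S"echo pwned"\ntR.'

EOCD_SIG, CDIR_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
DANGEROUS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def build_model_zip(payload=MALICIOUS_PICKLE, name="archive/data.pkl"):
    """Minimal torch-style archive: one stored entry holding the pickle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def central_entries(data):
    """Yield (flag_bits, method, csize, usize, name, local_header_offset) per entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _, cd_off = struct.unpack("<H2L", data[eocd + 10:eocd + 20])
    pos = cd_off
    for _ in range(count):
        f = struct.unpack("<4s4B4HL2L5H2L", data[pos:pos + 46])
        if f[0] != CDIR_SIG:
            raise ValueError("bad central directory signature")
        name = data[pos + 46:pos + 46 + f[12]]
        yield f[5], f[6], f[10], f[11], name, f[18]
        pos += 46 + f[12] + f[13] + f[14]


def local_header(data, off):
    """Local file header at off -> (flag_bits, method, csize, usize, name, data_start)."""
    f = struct.unpack("<4s2B4HL2L2H", data[off:off + 30])
    if f[0] != LOCAL_SIG:
        raise ValueError("bad local header signature")
    name = data[off + 30:off + 30 + f[10]]
    return f[3], f[4], f[8], f[9], name, off + 30 + f[10] + f[11]


def tamper_local_name(data, old, new):
    """Rewrite the name in the *local* header only (the CVE-2025-1944 inconsistency).
    Equal lengths keep every offset valid, so a lenient reader still finds the data."""
    assert len(old) == len(new)
    for *_, name, off in central_entries(data):
        if name == old:
            return data[:off + 30] + new + data[off + 30 + len(old):]
    raise KeyError(old)


def lenient_extract(data):
    """A loader that trusts central-directory offsets and never cross-checks headers."""
    out = {}
    for _, method, csize, _, name, off in central_entries(data):
        start = local_header(data, off)[5]
        raw = data[start:start + csize]
        out[name] = zlib.decompress(raw, -15) if method == 8 else raw
    return out


def zipfile_rejects(data):
    """True if the stdlib reader refuses the archive. A scanner that catches this
    exception, logs it and moves on has just skipped the payload."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for n in zf.namelist():
                zf.read(n)
        return False
    except zipfile.BadZipFile:
        return True


def scan_pickle(blob):
    """Dangerous opcodes (with the imported global where there is one). A pickle the
    parser cannot walk is reported too, rather than silently passing."""
    found = set()
    try:
        for op, arg, _ in pickletools.genops(blob):
            if op.name in DANGEROUS:
                found.add(f"{op.name}:{arg}" if arg is not None else op.name)
    except Exception:
        found.add("<unparseable>")
    return found


def scan_archive(data):
    """Hardened scan: any disagreement between the two headers is itself a finding and
    the entry is treated as hostile; otherwise every .pkl entry is opcode-scanned."""
    findings = []
    for flags, method, csize, usize, name, off in central_entries(data):
        lflags, lmethod, lcsize, lusize, lname, start = local_header(data, off)
        if lname != name:
            findings.append((name.decode(), "tampered: local header name differs"))
            continue
        if (lflags, lmethod) != (flags, method):
            findings.append((name.decode(), "tampered: flag bits or method differ"))
            continue
        if not lflags & 0x8 and (lcsize, lusize) != (csize, usize):
            findings.append((name.decode(), "tampered: sizes differ"))
            continue
        raw = data[start:start + csize]
        blob = zlib.decompress(raw, -15) if method == 8 else raw
        if name.endswith(b".pkl"):
            hits = scan_pickle(blob)
            if hits:
                findings.append((name.decode(), "dangerous opcodes: " + ", ".join(sorted(hits))))
    return findings
```

The design point is the `continue` on each mismatch: the scanner fails closed. A scanner that instead reports "could not open" and exits zero is what both CVEs exploited, and the flag-bit variant in CVE-2025-1945 is caught by the same comparison of the two headers even though this example only demonstrates the name mismatch.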
-
CVE-2025-1926
MEDIUM
CVSS 4.3
The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-1296
MEDIUM
CVSS 6.5
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. [CVSS 6.5 MEDIUM]
Information Disclosure
Suse
-
CVE-2025-0660
MEDIUM
CVSS 4.8
Concrete CMS versions 9.0.0 through 9.3.9 are affected by improper input validation (CVSS 4.8).
XSS
-
CVE-2024-57492
MEDIUM
CVSS 5.5
An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page function. [CVSS 5.5 MEDIUM]
Denial Of Service
-
CVE-2024-56188
MEDIUM
CVSS 5.1
There is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 5.1 MEDIUM]
Denial Of Service
-
CVE-2024-56187
MEDIUM
CVSS 6.6
In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. [CVSS 6.6 MEDIUM]
Information Disclosure
-
CVE-2024-56186
MEDIUM
CVSS 5.1
In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.1 MEDIUM]
Information Disclosure
-
CVE-2024-56185
MEDIUM
CVSS 5.1
In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. [CVSS 5.1 MEDIUM]
Information Disclosure
-
CVE-2024-56184
MEDIUM
CVSS 5.1
In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. [CVSS 5.1 MEDIUM]
Information Disclosure
-
CVE-2024-55199
MEDIUM
CVSS 5.4
A Stored Cross Site Scripting (XSS) vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to store JavaScript code inside a PDF file through the file upload feature. When the file is rendered, the injected code is executed on the user's browser. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2024-54560
MEDIUM
CVSS 5.5
A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. [CVSS 5.5 MEDIUM]
Apple
Privilege Escalation
-
CVE-2024-54473
MEDIUM
CVSS 5.5
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]
Apple
Information Disclosure
macOS
-
CVE-2024-54469
MEDIUM
CVSS 5.5
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. [CVSS 5.5 MEDIUM]
Apple
Information Disclosure
-
CVE-2024-54467
MEDIUM
CVSS 6.5
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. [CVSS 6.5 MEDIUM]
Apple
Information Disclosure
-
CVE-2024-54463
MEDIUM
CVSS 5.5
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. [CVSS 5.5 MEDIUM]
Apple
Information Disclosure
macOS
-
CVE-2024-53307
MEDIUM
CVSS 5.4
A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. [CVSS 5.4 MEDIUM]
XSS
-
CVE-2024-52812
MEDIUM
CVSS 5.4
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries to make any modifications to the rule (update, run, stop, delete), a payload acts in ...
XSS
Suse
-
CVE-2024-47109
MEDIUM
CVSS 5.3
IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6 are affected by insufficiently protected credentials (CVSS 5.3).
Authentication Bypass
IBM
-
CVE-2024-44192
MEDIUM
CVSS 5.5
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. [CVSS 5.5 MEDIUM]
Denial Of Service
Apple
-
CVE-2024-12604
MEDIUM
CVSS 6.5
Cleartext Storage of Sensitive Information in an Environment Variable and Weak Password Recovery Mechanism for Forgotten Password vulnerabilities in Tapandsign Technologies Tap&Sign App allow Password Recovery Exploitation and Functionality Misuse. This issue affects Tap&Sign App: before V.1.025. [CVSS 6.5 MEDIUM]
Information Disclosure
-
CVE-2022-48610
MEDIUM
CVSS 5.5
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. [CVSS 5.5 MEDIUM]
Denial Of Service
macOS
iOS
Apple
-
CVE-2025-27136
None
LocalS3 is an Amazon S3 mock service for testing and local development. Prior to version 1.21, the LocalS3 service's bucket creation endpoint is vulnerable to XML External Entity (XXE) injection. When processing the CreateBucketConfiguration XML document during bucket creation, the service's XML parser is configured to resolve external entities. This allows an attacker to declare an external en...
RCE
-
CVE-2025-26865
LOW
CVSS 3.5
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. [CVSS 3.5 LOW]
Apache
-
CVE-2025-25615
LOW
CVSS 2.7
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. [CVSS 2.7 LOW]
Authentication Bypass
Tenda
-
CVE-2025-2149
LOW
CVSS 2.5
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. [CVSS 2.5 LOW]
Information Disclosure
Pytorch
AI / ML
-
CVE-2025-2133
LOW
CVSS 2.4
A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. [CVSS 2.4 LOW]
PHP
-
CVE-2024-54558
LOW
CVSS 2.8
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.8 LOW]
Denial Of Service
macOS
iOS
Apple
-
CVE-2024-52905
LOW
CVSS 2.7
IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 contain an information disclosure flaw that could allow users with elevated privileges to access sensitive database information they shouldn't normally be able to see. This affects organizations using these specific versions of the software. An attacker with administrative or privileged access could exploit this to view confidential data stored in the database.
IBM
Information Disclosure
-
CVE-2024-44179
LOW
CVSS 2.4
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15. [CVSS 2.4 LOW]
Denial Of Service
Apple
macOS
iOS