Total
11562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46047 | 1 Sane-project | 1 Sane Backends | 2025-11-04 | N/A | 7.3 HIGH |
| An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. | |||||
| CVE-2025-43348 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks. | |||||
| CVE-2024-3096 | 2 Debian, Php | 2 Debian Linux, Php | 2025-11-04 | N/A | 6.5 MEDIUM |
| In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. | |||||
| CVE-2024-2756 | 2025-11-04 | N/A | 6.5 MEDIUM | ||
| Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. | |||||
| CVE-2022-31629 | 3 Debian, Fedoraproject, Php | 3 Debian Linux, Fedora, Php | 2025-11-04 | N/A | 6.5 MEDIUM |
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | |||||
| CVE-2024-25641 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-11-04 | N/A | 9.1 CRITICAL |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue. | |||||
| CVE-2023-32633 | 2025-11-04 | N/A | 6.7 MEDIUM | ||
| Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2025-11-04 | N/A | 10.0 CRITICAL |
| A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
| CVE-2025-43401 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.5 HIGH |
| A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A remote attacker may be able to cause a denial-of-service. | |||||
| CVE-2025-43472 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 7.8 HIGH |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to gain root privileges. | |||||
| CVE-2016-7406 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-11-04 | 10.0 HIGH | 9.8 CRITICAL |
| Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | |||||
| CVE-2025-64385 | 2025-11-04 | N/A | N/A | ||
| The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication. | |||||
| CVE-2025-26781 | 1 Samsung | 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1330 and 23 more | 2025-11-04 | N/A | 7.5 HIGH |
| An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service. | |||||
| CVE-2025-43372 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, visionOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-43347 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 9.8 CRITICAL |
| This issue was addressed by removing the vulnerable code. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An input validation issue was addressed. | |||||
| CVE-2025-43299 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service. | |||||
| CVE-2025-43293 | 1 Apple | 1 Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access sensitive user data. | |||||
| CVE-2024-47175 | 2 Debian, Openprinting | 2 Debian Linux, Libppd | 2025-11-03 | N/A | 8.6 HIGH |
| CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. | |||||
| CVE-2024-47076 | 1 Openprinting | 1 Libcupsfilters | 2025-11-03 | N/A | 8.6 HIGH |
| CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. | |||||
| CVE-2025-30471 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-03 | N/A | 7.5 HIGH |
| A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service. | |||||