Search Results (1960 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40805 1 Apple 7 Ios, Ipad Os, Ipados and 4 more 2026-04-02 7.7 High
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.
CVE-2024-27888 1 Apple 1 Macos 2026-04-02 7.1 High
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts of the file system.
CVE-2024-27848 1 Apple 4 Ipad Os, Ipados, Iphone Os and 1 more 2026-04-02 7.4 High
This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.
CVE-2024-27847 1 Apple 4 Ipad Os, Ipados, Iphone Os and 1 more 2026-04-02 7.4 High
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to bypass Privacy preferences.
CVE-2024-27834 5 Apple, Fedoraproject, Redhat and 2 more 12 Ipad Os, Ipados, Iphone Os and 9 more 2026-04-02 8.1 High
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
CVE-2024-27825 1 Apple 1 Macos 2026-04-02 7.8 High
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences.
CVE-2024-27822 1 Apple 1 Macos 2026-04-02 7.4 High
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges.
CVE-2024-23295 1 Apple 1 Visionos 2026-04-02 6.2 Medium
A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.
CVE-2024-23253 1 Apple 1 Macos 2026-04-02 7.5 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
CVE-2024-23233 1 Apple 1 Macos 2026-04-02 7.8 High
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
CVE-2024-23201 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-04-02 6.2 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An app may be able to cause a denial-of-service.
CVE-2024-40792 1 Apple 1 Macos 2026-04-02 3.3 Low
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
CVE-2024-44228 1 Apple 1 Xcode 2026-04-02 7.5 High
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
CVE-2026-0748 2 Drupal, Internationalization Project 2 Internationalization, Internationalization 2026-04-02 4.3 Medium
In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35.
CVE-2026-21716 1 Nodejs 1 Nodejs 2026-04-02 3.8 Low
An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched. As a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions. This vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.
CVE-2026-32680 1 Ratocsystems 1 Raid Monitoring Manager 2026-03-26 N/A
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a non-administrative user to execute an arbitrary code with SYSTEM privilege.
CVE-2026-24063 1 Arturia 1 Software Center 2026-03-24 8.2 High
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.
CVE-2023-4065 1 Redhat 6 Amq Broker, Enterprise Linux, Jboss A-mq and 3 more 2026-03-18 5.5 Medium
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.
CVE-2023-31068 1 Tsplus 1 Tsplus Remote Work 2026-03-03 9.8 Critical
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
CVE-2025-55210 2 Freepbx, Sangoma 2 Api, Freepbx 2026-02-27 7.5 High
FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX that they've already connected to, possibly as a lower privileged user. The JWT is signed using the api-oauth.key private key. An attacker can generate their own token if they possess this key (e.g., by accessing an affected instance), and specify any scopes they wish (e.g., rest, gql), bypassing traditional authorization checks. However, FreePBX enforces that the jti (JWT ID) claim must exist in the database (api_access_tokens table in the asterisk MySQL database) in order for the token to be accepted. Therefore, the attacker must know a jti value that already exists on the target instance. This vulnerability is fixed in 17.0.5 and 16.0.17.