Search Results (2899 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-70888 2 Mtrojnar, Osslsigncode Project 2 Osslsigncode, Osslsigncode 2026-04-03 9.8 Critical
An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component
CVE-2024-54560 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-04-02 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission.
CVE-2024-40802 1 Apple 1 Macos 2026-04-02 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-40781 1 Apple 1 Macos 2026-04-02 8.4 High
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-27826 1 Apple 9 Ipad Os, Ipados, Iphone Os and 6 more 2026-04-02 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.
CVE-2024-27811 1 Apple 8 Ios, Ipad Os, Ipados and 5 more 2026-04-02 9.1 Critical
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.
CVE-2024-23276 1 Apple 1 Macos 2026-04-02 8.4 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
CVE-2024-23253 1 Apple 1 Macos 2026-04-02 7.5 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
CVE-2025-43333 1 Apple 1 Macos 2026-04-02 7.8 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.
CVE-2024-40861 1 Apple 1 Macos 2026-04-02 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
CVE-2026-20607 1 Apple 1 Macos 2026-04-02 4 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
CVE-2026-28889 1 Apple 1 Xcode 2026-04-02 6.2 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
CVE-2024-44147 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2026-04-02 7.7 High
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
CVE-2026-20631 1 Apple 1 Macos 2026-04-02 8.4 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.
CVE-2026-28867 1 Apple 7 Ios And Ipados, Ipados, Iphone Os and 4 more 2026-04-02 6.2 Medium
This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.
CVE-2025-70887 1 Ralphje 1 Signify 2026-04-02 8.8 High
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
CVE-2026-31836 2 Bluewave-labs, Bluewavelabs 2 Checkmate, Checkmate 2026-03-30 8.1 High
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.
CVE-2026-30892 2 Containers, Crun Project 2 Crun, Crun 2026-03-27 0 Low
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
CVE-2026-33334 2 Go-vikunja, Vikunja 2 Vikunja, Vikunja 2026-03-27 9.6 Critical
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the renderer process without `contextIsolation` or `sandbox`. This means any cross-site scripting (XSS) vulnerability in the Vikunja web frontend -- present or future -- automatically escalates to full remote code execution on the victim's machine, as injected scripts gain access to Node.js APIs. Version 2.2.0 fixes the issue.
CVE-2026-33509 2 Pyload, Pyload-ng Project 2 Pyload, Pyload-ng 2026-03-27 7.5 High
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run() in the thread manager's reconnect logic. A SETTINGS user can set this to any executable file on the system, achieving Remote Code Execution. The only validation in set_config_value() is a hardcoded check for general.storage_folder — all other security-critical settings including reconnect.script are writable without any allowlist or path restriction. This issue has been patched in version 0.5.0b3.dev97.