Total
2438 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23253 | 1 Apple | 1 Macos | 2025-11-04 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library. | ||||
| CVE-2023-38944 | 1 Multilaser | 4 Re160v, Re160v Firmware, Re163v and 1 more | 2025-11-04 | 9.8 Critical |
| An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header. | ||||
| CVE-2024-40802 | 1 Apple | 1 Macos | 2025-11-04 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2024-40781 | 1 Apple | 1 Macos | 2025-11-04 | 8.4 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2024-27826 | 1 Apple | 9 Ipad Os, Ipados, Iphone Os and 6 more | 2025-11-04 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-44147 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2025-11-04 | 7.7 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network. | ||||
| CVE-2024-40861 | 1 Apple | 1 Macos | 2025-11-04 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges. | ||||
| CVE-2023-32559 | 2 Nodejs, Redhat | 4 Node.js, Nodejs, Enterprise Linux and 1 more | 2025-11-04 | 7.5 High |
| A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
| CVE-2025-8489 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2025-11-04 | 9.8 Critical |
| The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts. | ||||
| CVE-2025-24254 | 1 Apple | 1 Macos | 2025-11-03 | 8.8 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges. | ||||
| CVE-2023-31005 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | 6.2 Medium |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767. | ||||
| CVE-2021-32739 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2025-11-03 | 8.8 High |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects. | ||||
| CVE-2022-42919 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Python, Enterprise Linux and 1 more | 2025-11-03 | 7.8 High |
| Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | ||||
| CVE-2025-21546 | 2 Oracle, Redhat | 2 Mysql Server, Enterprise Linux | 2025-11-03 | 3.8 Low |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2025-43249 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-03 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges. | ||||
| CVE-2025-43199 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-03 | 9.8 Critical |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-31243 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-03 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to gain root privileges. | ||||
| CVE-2025-31222 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | 7.8 High |
| A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges. | ||||
| CVE-2025-27644 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 7.8 High |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. | ||||
| CVE-2025-27639 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 8.8 High |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015. | ||||