Total
5748 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64358 | 3 Webtoffee, Woocommerce, Wordpress | 3 Smart Coupons For Woocommerce, Woocommerce, Wordpress | 2025-11-04 | 4.3 Medium |
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3. | ||||
| CVE-2025-12156 | 2025-11-04 | 4.3 Medium | ||
| The Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_post_data() function in versions 2.0.7 to 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create and publish arbitrary posts. | ||||
| CVE-2025-12389 | 2025-11-04 | 4.3 Medium | ||
| The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's record setting. | ||||
| CVE-2025-43358 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-11-04 | 8.8 High |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. A shortcut may be able to bypass sandbox restrictions. | ||||
| CVE-2025-43341 | 1 Apple | 3 Macos, Macos Sonoma, Macos Tahoe | 2025-11-04 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to gain root privileges. | ||||
| CVE-2025-43329 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-11-04 | 8.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43316 | 1 Apple | 2 Macos, Visionos | 2025-11-04 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-43311 | 1 Apple | 1 Macos | 2025-11-04 | 5.1 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data. | ||||
| CVE-2025-43286 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-11-04 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox. | ||||
| CVE-2024-54466 | 1 Apple | 1 Macos | 2025-11-03 | 6.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password. | ||||
| CVE-2024-44265 | 1 Apple | 1 Macos | 2025-11-03 | 7.5 High |
| The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device. | ||||
| CVE-2025-31194 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication. | ||||
| CVE-2025-31182 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission. | ||||
| CVE-2025-30461 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | ||||
| CVE-2025-24259 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check. | ||||
| CVE-2025-24249 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system. | ||||
| CVE-2025-24245 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords. | ||||
| CVE-2024-44156 | 1 Apple | 1 Macos | 2025-11-03 | 7.1 High |
| A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | ||||
| CVE-2023-30581 | 2 Nodejs, Redhat | 3 Node.js, Enterprise Linux, Rhel Eus | 2025-11-03 | 7.5 High |
| The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js | ||||
| CVE-2025-24181 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | ||||