Total
9776 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24174 | 1 Apple | 1 Macos | 2025-11-03 | 7.7 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences. | ||||
| CVE-2025-24164 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24146 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may expose user contact information in system logging. | ||||
| CVE-2025-24138 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information. | ||||
| CVE-2025-24134 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data. | ||||
| CVE-2025-24109 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data. | ||||
| CVE-2025-24102 | 1 Apple | 2 Ipados, Macos | 2025-11-03 | 9.8 Critical |
| The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current location. | ||||
| CVE-2025-21567 | 1 Oracle | 1 Mysql Server | 2025-11-03 | 4.3 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-54031 | 1 Linux | 1 Linux Kernel | 2025-11-03 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21: alignment fault [ 72.135593] Data abort info: [ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000 [ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000 [ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403, +pte=0068000102bb7707 [ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP [...] [ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: G E 6.13.0-rc3+ #2 [ 72.170509] Tainted: [E]=UNSIGNED_MODULE [ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023 [ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables] [ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables] [ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables] [ 72.172546] sp : ffff800081f2bce0 [ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038 [ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78 [ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78 [ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000 [ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978 [ 72.174485] x14: ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0 [ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000 [ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000 [ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000 [ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004 [ 72.176207] Call trace: [ 72.176316] nft_rhash_gc+0x200/0x2d8 [nf_tables] (P) [ 72.176653] process_one_work+0x178/0x3d0 [ 72.176831] worker_thread+0x200/0x3f0 [ 72.176995] kthread+0xe8/0xf8 [ 72.177130] ret_from_fork+0x10/0x20 [ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f) [ 72.177557] ---[ end trace 0000000000000000 ]--- Align struct nft_set_ext to word size to address this and documentation it. pahole reports that this increases the size of elements for rhash and pipapo in 8 bytes on x86_64. | ||||
| CVE-2024-40864 | 1 Apple | 1 Macos | 2025-11-03 | 2.7 Low |
| The issue was addressed with improved handling of protocols. This issue is fixed in macOS Ventura 13.7.5, macOS Sonoma 14.7.5. An attacker in a privileged network position can track a user's activity. | ||||
| CVE-2024-12426 | 1 The Document Foundation | 1 Libreoffice | 2025-11-03 | 5.0 Medium |
| Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4. | ||||
| CVE-2024-11053 | 3 Haxx, Netapp, Redhat | 20 Curl, Bootstrap Os, H300s and 17 more | 2025-11-03 | 3.4 Low |
| When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. | ||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2025-11-03 | 5.3 Medium |
| IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | ||||
| CVE-2025-30451 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-30435 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs. | ||||
| CVE-2025-24282 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24281 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-24262 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs. | ||||
| CVE-2025-6425 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2025-11-03 | 4.3 Medium |
| An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | ||||
| CVE-2025-5266 | 2 Mozilla, Redhat | 7 Firefox, Enterprise Linux, Rhel Aus and 4 more | 2025-11-03 | 4.3 Medium |
| Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | ||||