This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated.

This issue was addressed with improved handling of executable types. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious JAR file may bypass Gatekeeper ch...

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may...

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.

An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cau...

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write...

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive ...

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data.

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current loca...

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent.

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00.

Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1.

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through 1.1.

A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. I...

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in ...

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adic...

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adic...

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adic...

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditi...

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query param...

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.