CVE-2025-31241 - Apple iOS/WatchOS tvOS/PadOS Double Free Vulnerability
CVE ID : CVE-2025-31241
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31241
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31242 - Apple iPadOS and macOS Private Data Exposure Vulnerability
CVE ID : CVE-2025-31242
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31242
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31244 - Apple macOS Sandbox Escalation
CVE ID : CVE-2025-31244
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31244
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31245 - Apple macOS Denial of Service Vulnerability
CVE ID : CVE-2025-31245
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31245
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31246 - Apple macOS AFP Server Kernel Memory Corruption Vulnerability
CVE ID : CVE-2025-31246
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31246
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31247 - Apple macOS Unauthorized File System Access
CVE ID : CVE-2025-31247
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31247
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31249 - Apple macOS Sequoia Logic Flaw Allows Sensitive Data Exposure
CVE ID : CVE-2025-31249
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31249
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31250 - Apple macOS Sequoia Information Disclosure Vulnerability
CVE ID : CVE-2025-31250
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31250
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31251 - Apple Media File Processing Denial of Service
CVE ID : CVE-2025-31251
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31251
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31253 - Apple FaceTime Audio Muting Vulnerability
CVE ID : CVE-2025-31253
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31253
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31256 - Apple Notes Cache Exposure Vulnerability
CVE ID : CVE-2025-31256
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31256
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31257 - Apple Safari Web Content Processing Memory Corruption Vulnerability
CVE ID : CVE-2025-31257
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31257
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31258 - This issue was addressed by removing the vulnerabl
CVE ID : CVE-2025-31258
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31258
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31259 - Apple macOS Sequoia Privilege Escalation Vulnerability
CVE ID : CVE-2025-31259
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31259
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31260 - Apple macOS Sequoia Permission Escalation Vulnerability
CVE ID : CVE-2025-31260
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31260
Published : May 12, 2025, 10:15 p.m. | 3 hours, 2 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46825 - Kanboard Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-46825
Published : May 12, 2025, 11:15 p.m. | 2 hours, 2 minutes ago
Description : Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46825
Published : May 12, 2025, 11:15 p.m. | 2 hours, 2 minutes ago
Description : Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-49641 - Oracle Billing Software SQL Injection Vulnerability
CVE ID : CVE-2023-49641
Published : May 13, 2025, 12:15 a.m. | 1 hour, 3 minutes ago
Description : Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-49641
Published : May 13, 2025, 12:15 a.m. | 1 hour, 3 minutes ago
Description : Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30012 - SAP SRM Java Applet Deserialization Vulnerability
CVE ID : CVE-2025-30012
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30012
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30018 - SAP SRM Information Disclosure
CVE ID : CVE-2025-30018
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30018
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31329 - SAP NetWeaver Information Disclosure Injection Vulnerability
CVE ID : CVE-2025-31329
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31329
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42997 - SAP Gateway Client Information Disclosure
CVE ID : CVE-2025-42997
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42997
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...