Search Results (9555 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40781 1 Apple 1 Macos 2026-04-02 8.4 High
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges.
CVE-2024-27826 1 Apple 9 Ipad Os, Ipados, Iphone Os and 6 more 2026-04-02 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.
CVE-2024-27811 1 Apple 8 Ios, Ipad Os, Ipados and 5 more 2026-04-02 9.1 Critical
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.
CVE-2024-23288 1 Apple 6 Ipad Os, Ipados, Iphone Os and 3 more 2026-04-02 8.4 High
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges.
CVE-2024-23276 1 Apple 1 Macos 2026-04-02 8.4 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
CVE-2024-23253 1 Apple 1 Macos 2026-04-02 7.5 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.
CVE-2025-43333 1 Apple 1 Macos 2026-04-02 7.8 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.
CVE-2024-40861 1 Apple 1 Macos 2026-04-02 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.
CVE-2026-20607 1 Apple 1 Macos 2026-04-02 4 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
CVE-2026-28889 1 Apple 1 Xcode 2026-04-02 6.2 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root.
CVE-2024-44147 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2026-04-02 7.7 High
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.
CVE-2026-20631 1 Apple 1 Macos 2026-04-02 8.4 High
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges.
CVE-2026-28867 1 Apple 7 Ios And Ipados, Ipados, Iphone Os and 4 more 2026-04-02 6.2 Medium
This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state.
CVE-2026-32916 1 Openclaw 1 Openclaw 2026-04-02 9.4 Critical
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
CVE-2025-70887 1 Ralphje 1 Signify 2026-04-02 8.8 High
An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components
CVE-2024-49217 2 Madiri Salman Aashish, Madirisalmanaashish 2 User-drop-down-roles-in-registration, Adding Drop Down Roles In Registration 2026-04-01 9.8 Critical
Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through <= 1.1.
CVE-2024-24882 2 Masteriyo, Themegrill 2 Masteriyo, Masteriyo 2026-04-01 9.8 Critical
Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.
CVE-2026-32922 1 Openclaw 1 Openclaw 2026-03-31 9.9 Critical
OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.
CVE-2026-31836 2 Bluewave-labs, Bluewavelabs 2 Checkmate, Checkmate 2026-03-30 8.1 High
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any authenticated user to escalate their privileges to superadmin, bypassing all role-based access controls. An attacker can modify their user role to gain complete administrative access to the application, including the ability to view all users, modify critical configurations, and access sensitive system data. At time of publication, there are no publicly available patches.
CVE-2025-11500 1 Tinycontrol 4 Lan Controller, Lk3.9, Lk4 and 1 more 2026-03-30 N/A
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off (which is a default setting), an unauthenticated attacker on the local network can obtain usernames and encoded passwords for interface management portal by inspecting the HTTP response of the server when visiting the login page, which contains a JSON file with these details. Both normal and admin users credentials are exposed.  This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).