Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-10 | CVE-2024-54467 | Unspecified vulnerability in Apple products. A cookie management issue was addressed with improved state management. | 6.5 |
2025-03-10 | CVE-2024-54469 | Information Exposure vulnerability in Apple products. The issue was addressed with improved checks. | 5.5 |
2025-03-10 | CVE-2024-54473 | Information Exposure vulnerability in Apple macOS. This issue was addressed with improved redaction of sensitive information. | 5.5 |
2025-03-10 | CVE-2024-54546 | Resource Exhaustion vulnerability in Apple macOS. The issue was addressed with improved memory handling. | 7.5 |
2025-03-10 | CVE-2024-54560 | Unspecified vulnerability in Apple products. A logic issue was addressed with improved checks. | 5.5 |
2025-03-10 | CVE-2025-24813 | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products. Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: (1) writes enabled for the default servlet (disabled by default); (2) support for partial PUT (enabled by default); (3) a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads; (4) attacker knowledge of the names of security sensitive files being uploaded; (5) the security sensitive files also being uploaded via partial PUT. If all of the following were true, a malicious user was able to perform remote code execution: (1) writes enabled for the default servlet (disabled by default); (2) support for partial PUT (enabled by default); (3) application was using Tomcat's file based session persistence with the default storage location; (4) application included a library that may be leveraged in a deserialization attack. Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. | 9.8 |
2025-03-10 | CVE-2024-47109 | IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system. | 5.3 |
2025-03-10 | CVE-2024-52905 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user. | 2.7 |
2025-03-10 | CVE-2024-12604 | Information Exposure Through Environmental Variables vulnerability in Tapandsign Tap&Sign. Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025. | 6.5 |
2025-03-10 | CVE-2025-26910 | Cross-Site Request Forgery (CSRF) vulnerability in Iqonicdesign Wpbookit. Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. | 6.1 |