7.3
CVE-2023-41076 -
An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code.
4
CVE-2023-42973 -
Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.
5.4
CVE-2023-42981 -
Processing a file may lead to a denial-of-service or potentially disclose memory contents. This issue is fixed in macOS 14. The issue was addressed with improved checks.
4.6
CVE-2025-32426 - Formie has a XSS vulnerability for email notification content for preview
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would requirβ¦
5.3
CVE-2025-32427 - Formie has a XSS vulnerability for importing forms
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have β¦
6.1
CVE-2025-3421 - Everest Forms <= 3.1.1 - Reflected Cross-Site Scripting
The Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. Thβ¦
5.4
CVE-2025-3422 - Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properlyβ¦
9.8
CVE-2025-3439 - Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.β¦
The Everest Forms β Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for β¦
7.8
CVE-2024-13861 -
A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.
7.7
CVE-2024-52280 - Users can issue watch commands for arbitrary resources
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.