Total: 4422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-0582 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 5.8 MEDIUM | 4.7 MEDIUM | A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely. |
| CVE-2024-3270 | 1 Thingsboard | 1 Thingsboard | 2025-02-07 | 4.7 MEDIUM | 3.8 LOW | A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied that it is planning to fix this issue in version 3.7. |
| CVE-2024-33898 | | | 2025-02-06 | N/A | 9.8 CRITICAL | Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. |
| CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM | Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2024-47758 | 1 Glpi-project | 1 Glpi | 2025-02-06 | N/A | 8.8 HIGH | GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. |
| CVE-2025-0650 | | | 2025-02-06 | N/A | 8.1 HIGH | A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network. |
| CVE-2024-25133 | | | 2025-02-06 | N/A | 8.8 HIGH | A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. |
| CVE-2024-20397 | | | 2025-02-05 | N/A | 5.2 MEDIUM | A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verifi ... |
| CVE-2022-36789 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2025-02-05 | N/A | 7.5 HIGH | Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-02-05 | N/A | 8.8 HIGH | Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. |
| CVE-2023-52164 | | | 2025-02-05 | N/A | 5.1 MEDIUM | access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2023-29924 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 9.8 CRITICAL | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. |
| CVE-2023-29922 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. |
| CVE-2023-29921 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. |
| CVE-2023-29586 | 1 Codesector | 1 Teracopy | 2025-02-05 | N/A | 5.5 MEDIUM | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b. |
| CVE-2022-35276 | 1 Intel | 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more | 2025-02-05 | N/A | 7.5 HIGH | Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-36488 | 1 Intel | 1 Driver & Support Assistant | 2025-02-04 | N/A | 7.3 HIGH | Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-43489 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 5.5 MEDIUM | Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-22459 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 6.8 MEDIUM | Dell ECS, versions 3.6 through 3.6.2.5, 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace. |
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2025-02-04 | N/A | 7.8 HIGH | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and elevation of privileges. |
| CVE-2024-24902 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 6.6 MEDIUM | Dell RecoverPoint for Virtual Machines 6.0.x contains an improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to gaining access to unauthorized data for a limited time. |
| CVE-2024-13514 | | | 2025-02-04 | N/A | 4.3 MEDIUM | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. |
| CVE-2021-44465 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 4.3 MEDIUM | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. |
| CVE-2021-23203 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 7.5 HIGH | Improper access control in the reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. |
| CVE-2024-4263 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | N/A | 5.4 MEDIUM | A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege u ... |
| CVE-2025-24885 | | | 2025-01-30 | N/A | 7.6 HIGH | pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages allows users to create stored XSS. |
| CVE-2023-2429 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-30 | N/A | 9.8 CRITICAL | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. |
| CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2025-01-29 | N/A | 9.6 CRITICAL | An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. |
| CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2025-01-29 | N/A | 7.5 HIGH | Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable IDs on another tenant. |
| CVE-2024-25962 | 1 Dell | 1 Insightiq | 2025-01-28 | N/A | 8.3 HIGH | Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. |
| CVE-2025-0783 | | | 2025-01-28 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. |
| CVE-2025-21202 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-27 | N/A | 6.1 MEDIUM | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
| CVE-2025-21213 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-27 | N/A | 4.6 MEDIUM | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2025-21301 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 6.5 MEDIUM | Windows Geolocation Service Information Disclosure Vulnerability |
| CVE-2025-21293 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-24 | N/A | 8.8 HIGH | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2024-47760 | 1 Glpi-project | 1 Glpi | 2025-01-23 | N/A | 8.8 HIGH | GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. |
| CVE-2024-2481 | 1 Surya2developer | 1 Hostel Management System | 2025-01-23 | 6.4 MEDIUM | 6.5 MEDIUM | A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. |
| CVE-2023-43748 | 1 Intel | 1 Graphics Performance Analyzers Framework | 2025-01-23 | N/A | 7.8 HIGH | Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-40071 | 1 Intel | 1 Graphics Performance Analyzers | 2025-01-23 | N/A | 7.3 HIGH | Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-10393 | 1 Themeum | 1 Tutor Lms | 2025-01-23 | N/A | 5.3 MEDIUM | The Tutor LMS plugin for WordPress is vulnerable to user registration bypass in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. |