Total: 34640 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-21187 | 1 Microsoft | 1 Power Automate For Desktop | 2025-02-05 | N/A | 7.8 HIGH | Microsoft Power Automate Remote Code Execution Vulnerability |
| CVE-2017-1545 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 2.1 LOW | 6.8 MEDIUM | IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. |
| CVE-2018-1457 | 3 Ibm, Linux, Microsoft | 3 Engineering Requirements Management Doors, Linux Kernel, Windows | 2025-02-05 | 7.5 HIGH | 9.8 CRITICAL | An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208. |
| CVE-2024-8913 | 1 Posimyth | 1 The Plus Addons For Elementor | 2025-02-05 | N/A | 4.3 MEDIUM | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. |
| CVE-2023-21099 | 1 Google | 1 Android | 2025-02-05 | N/A | 7.8 HIGH | In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-243377226 |
| CVE-2024-10548 | 1 Wedevs | 1 Wp Project Manager | 2025-02-05 | N/A | 6.5 MEDIUM | The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. administrators). |
| CVE-2024-27093 | 1 Lfprojects | 1 Minder | 2025-02-05 | N/A | 4.6 MEDIUM | Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the ... |
| CVE-2024-54488 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-05 | N/A | 5.3 MEDIUM | A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication. |
| CVE-2023-29924 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 9.8 CRITICAL | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. |
| CVE-2023-29921 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. |
| CVE-2023-29586 | 1 Codesector | 1 Teracopy | 2025-02-05 | N/A | 5.5 MEDIUM | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b. |
| CVE-2023-28122 | 1 Ui | 1 Desktop | 2025-02-05 | N/A | 7.8 HIGH | A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3 and later. |
| CVE-2022-2507 | 1 Octopus | 1 Octopus Server | 2025-02-05 | N/A | 5.3 MEDIUM | In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage. |
| CVE-2022-29608 | 1 Opennetworking | 1 Onos | 2025-02-05 | N/A | 7.5 HIGH | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop. |
| CVE-2023-48747 | 1 Booster | 1 Booster For Woocommerce | 2025-02-05 | N/A | 6.5 MEDIUM | Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booster for WooCommerce: from n/a through 7.1.2. |
| CVE-2023-47504 | 1 Elementor | 1 Website Builder | 2025-02-05 | N/A | 7.5 HIGH | Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Elementor Website Builder: from n/a through 3.16.4. |
| CVE-2023-30611 | 1 Discourse | 1 Reactions | 2025-02-05 | N/A | 4.3 MEDIUM | Discourse-reactions is a plugin that allows users to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue. |
| CVE-2023-29926 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 9.8 CRITICAL | PowerJob V4.3.2 has an unauthorized interface that causes remote code execution. |
| CVE-2024-54549 | 1 Apple | 1 Macos | 2025-02-04 | N/A | 5.5 MEDIUM | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. |
| CVE-2024-54512 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2025-02-04 | N/A | 9.1 CRITICAL | The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.2 and iPadOS 18.2. A system binary could be used to fingerprint a user's Apple Account. |
| CVE-2024-13562 | 1 Importwp | 1 Import Wp | 2025-02-04 | N/A | 7.5 HIGH | The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/ directory which can contain information like imported or local user data and files. |
| CVE-2023-31060 | 1 Repetier-server | 1 Repetier-server | 2025-02-04 | N/A | 9.8 CRITICAL | Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise. |
| CVE-2023-2118 | 1 Devolutions | 1 Devolutions Server | 2025-02-04 | N/A | 5.4 MEDIUM | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. |
| CVE-2024-36488 | 1 Intel | 1 Driver & Support Assistant | 2025-02-04 | N/A | 7.3 HIGH | Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-43489 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 5.5 MEDIUM | Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-36482 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 8.2 HIGH | Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-50386 | 1 Apache | 1 Cloudstack | 2025-02-04 | N/A | 8.5 HIGH | Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource in ... |
| CVE-2024-45761 | 3 Dell, Linux, Microsoft | 3 Openmanage Server Administrator, Linux Kernel, Windows | 2025-02-04 | N/A | 5.4 MEDIUM | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. |
| CVE-2024-0172 | 1 Dell | 186 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 183 more | 2025-02-04 | N/A | 7.9 HIGH | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. |
| CVE-2024-0161 | 1 Dell | 172 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 169 more | 2025-02-04 | N/A | 7.2 HIGH | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. |
| CVE-2024-22459 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 6.8 MEDIUM | Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace. |
| CVE-2024-30473 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 4.9 MEDIUM | Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. |
| CVE-2023-2250 | 1 Linuxfoundation | 1 Open Cluster Management | 2025-02-04 | N/A | 6.7 MEDIUM | A flaw was found in the Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or use the service account to list all secrets for all kubernetes namespaces, leading to a cluster-level privilege escalation. |
| CVE-2023-29570 | 1 Cesanta | 1 Mjs | 2025-02-04 | N/A | 5.5 MEDIUM | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). |
| CVE-2023-20871 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-02-04 | N/A | 7.8 HIGH | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. |
| CVE-2024-28963 | 1 Dell | 2 Telemetry Dashboard, Thinos | 2025-02-04 | N/A | 6.2 MEDIUM | Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. |
| CVE-2025-0849 | 1 Campcodes | 1 School Management Software | 2025-02-04 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2023-26560 | 1 Northern.tech | 1 Cfengine | 2025-02-04 | N/A | 6.5 MEDIUM | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. |
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2025-02-04 | N/A | 7.8 HIGH | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. |
| CVE-2024-38296 | 1 Dell | 3 Edge Gateway 3200, Edge Gateway 5200, Intel Management Engine Firmware Update Utility | 2025-02-04 | N/A | 6.7 MEDIUM | Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |