Total
3796 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42542 | 1 Samsung | 1 Push Service | 2025-03-06 | 3.3 Low |
| Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. | ||||
| CVE-2023-42540 | 1 Samsung | 1 Account | 2025-03-06 | 4 Medium |
| Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-26474 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 10 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds. | ||||
| CVE-2023-26473 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 6.5 Medium |
| XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading. | ||||
| CVE-2023-26471 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 10 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`. | ||||
| CVE-2023-22232 | 1 Adobe | 1 Connect | 2025-03-05 | 5.3 Medium |
| Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-22250 | 1 Adobe | 2 Commerce, Magento Open Source | 2025-03-05 | 5.3 Medium |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-27088 | 1 Feiqu-opensource Project | 1 Feiqu-opensource | 2025-03-05 | 8.8 High |
| feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will. | ||||
| CVE-2023-26406 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-03-05 | 7.8 High |
| Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-26408 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-03-05 | 7.8 High |
| Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2020-26942 | 1 Axigen | 1 Axigen Mail Server | 2025-03-05 | 9.1 Critical |
| An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account. | ||||
| CVE-2025-1890 | 1 Shishuocms Project | 1 Shishuocms | 2025-03-05 | 6.3 Medium |
| A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1260 | 1 Arista | 1 Eos | 2025-03-04 | 9.1 Critical |
| On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch. | ||||
| CVE-2025-1259 | 2025-03-04 | 7.7 High | ||
| On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available | ||||
| CVE-2025-0341 | 1 Campcodes | 1 Computer Laboratory Management System | 2025-03-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2020-3122 | 1 Cisco | 1 Secure Email And Web Manager | 2025-03-04 | N/A |
| A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information. | ||||
| CVE-2025-1882 | 1 I-drive | 2 I11, I12 | 2025-03-04 | 5 Medium |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2025-1881 | 1 I-drive | 2 I11, I12 | 2025-03-04 | 4.3 Medium |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2025-03-03 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | ||||
| CVE-2025-1835 | 1 Osuuu | 1 Lightpicture | 2025-03-03 | 6.3 Medium |
| A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||