Total
3758 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29990 | 1 Microsoft | 1 Azure Kubernetes Service Confidential Containers | 2025-05-03 | 9 Critical |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | ||||
| CVE-2024-28922 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 4.1 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-21424 | 1 Microsoft | 1 Azure Compute Gallery | 2025-05-03 | 6.5 Medium |
| Azure Compute Gallery Elevation of Privilege Vulnerability | ||||
| CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management | 2025-05-03 | 6.1 Medium |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | ||||
| CVE-2022-42707 | 1 Mahara | 1 Mahara | 2025-05-02 | 7.5 High |
| In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. | ||||
| CVE-2024-13102 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13103 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13104 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13105 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13106 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13107 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13108 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-23203 | 2025-05-02 | 5.5 Medium | ||
| Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required (plus api access with regard to the api endpoints). And even though some of these Icinga Director users are restricted from accessing certain objects, are able to retrieve information related to them if their name is known. This makes it possible to change the configuration of these objects by those Icinga Director users restricted from accessing them. This results in further exploitation, data breaches and sensitive information disclosure. Affected endpoints include icingaweb2/director/service, if the host name is left out of the query; icingaweb2/directore/notification; icingaweb2/director/serviceset; and icingaweb2/director/scheduled-downtime. In addition, the endpoint `icingaweb2/director/services?host=filteredHostName` returns a status code 200 even though the services for the host is filtered. This in turn lets the restricted user know that the host `filteredHostName` exists even though the user is restricted from accessing it. This could again result in further exploitation of this information and data breaches. Icinga Director has patches in versions 1.10.3 and 1.11.1. If upgrading is not feasible, disable the director module for the users other than admin role for the time being. | ||||
| CVE-2022-24309 | 1 Mendix | 1 Mendix | 2025-05-02 | 6.8 Medium |
| A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. | ||||
| CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2025-05-02 | 2.7 Low |
| In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive | ||||
| CVE-2025-46331 | 2025-05-02 | N/A | ||
| OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. This issue has been patched in version 1.8.11. | ||||
| CVE-2024-30146 | 2025-05-02 | 4.1 Medium | ||
| Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2025-46552 | 2025-05-02 | N/A | ||
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | ||||
| CVE-2022-39887 | 1 Google | 1 Android | 2025-05-01 | 4.3 Medium |
| Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | ||||
| CVE-2022-39889 | 1 Samsung | 1 Galaxywatch4plugin | 2025-05-01 | 4 Medium |
| Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. | ||||