Total
2263 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29871 | 2 Intel, Intel Csme Software Installer | 432 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 429 more | 2025-02-13 | 6.7 Medium |
| Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2025-02-13 | 7.4 High |
| A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2024-36055 | 2025-02-13 | 5.5 Medium | ||
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD). | ||||
| CVE-2024-31682 | 1 Phonecleaner | 1 Boost\&cleaner | 2025-02-13 | 9.8 Critical |
| Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API. | ||||
| CVE-2022-2220 | 2025-02-13 | 0.0 Low | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2019-7192 | 1 Qnap | 2 Photo Station, Qts | 2025-02-13 | 9.8 Critical |
| This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. | ||||
| CVE-2025-1214 | 2025-02-12 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0781 | 2025-02-12 | 8.6 High | ||
| An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. | ||||
| CVE-2025-24479 | 2025-02-12 | N/A | ||
| A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user. | ||||
| CVE-2024-41140 | 2025-02-12 | 8.1 High | ||
| Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | ||||
| CVE-2025-0937 | 2025-02-12 | 7.1 High | ||
| Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. | ||||
| CVE-2024-1155 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2025-02-12 | 7.8 High |
| Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-1156 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2025-02-12 | 7.8 High |
| Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. | ||||
| CVE-2024-31441 | 2 Dataease, Dataease Project | 2 Dataease, Dataease | 2025-02-12 | 7.5 High |
| DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19. | ||||
| CVE-2025-0516 | 1 Gitlab | 1 Gitlab | 2025-02-12 | 4.3 Medium |
| Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data. | ||||
| CVE-2023-25547 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-02-12 | 8.8 High |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2024-55633 | 1 Apache | 1 Superset | 2025-02-12 | 6.5 Medium |
| Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | ||||
| CVE-2024-53949 | 1 Apache | 1 Superset | 2025-02-12 | 6.5 Medium |
| Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | ||||
| CVE-2024-7624 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-11 | 8.1 High |
| The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings. | ||||
| CVE-2024-27288 | 1 Fit2cloud | 1 1panel | 2025-02-11 | 6.3 Medium |
| 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds. | ||||