Total
2386 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41610 | 1 Intel | 2 Endpoint Management Assistant Configuration Tool, Manageability Commander | 2025-01-27 | 5 Medium |
| Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-28325 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 6.5 Medium |
| An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | ||||
| CVE-2023-21116 | 1 Google | 1 Android | 2025-01-24 | 6.7 Medium |
| In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 | ||||
| CVE-2024-3388 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-01-24 | 4.1 Medium |
| A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | ||||
| CVE-2023-29819 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | 5.5 Medium |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | ||||
| CVE-2023-29818 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | 5.5 Medium |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | ||||
| CVE-2024-24966 | 1 F5 | 2 F5os-a, F5os-c | 2025-01-24 | 6.2 Medium |
| When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-1482 | 1 Github | 1 Enterprise Server | 2025-01-23 | 7.1 High |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-50886 | 1 Wpwax | 1 Legal Pages | 2025-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7. | ||||
| CVE-2023-23445 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 7.5 High |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface. | ||||
| CVE-2023-23446 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 7.5 High |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface. | ||||
| CVE-2023-29927 | 1 Sage | 1 Sage 300 | 2025-01-23 | 4.3 Medium |
| Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls. | ||||
| CVE-2024-52518 | 1 Nextcloud | 1 Nextcloud Server | 2025-01-23 | 4.4 Medium |
| Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | ||||
| CVE-2023-28249 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-23 | 6.2 Medium |
| Windows Boot Manager Security Feature Bypass Vulnerability | ||||
| CVE-2023-28270 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2025-01-23 | 6.8 Medium |
| Windows Lock Screen Security Feature Bypass Vulnerability | ||||
| CVE-2023-2782 | 1 Acronis | 1 Cyber Infrastructure | 2025-01-22 | 5.5 Medium |
| Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. | ||||
| CVE-2023-31597 | 1 Zammad | 1 Zammad | 2025-01-22 | 6.5 Medium |
| An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets. | ||||
| CVE-2023-26818 | 1 Telegram | 1 Telegram | 2025-01-21 | 5.5 Medium |
| Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. | ||||
| CVE-2023-31726 | 1 Alist Project | 1 Alist | 2025-01-21 | 7.5 High |
| AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2024-52584 | 1 Autolabproject | 1 Autolab | 2025-01-21 | 5.4 Medium |
| Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. | ||||