Total
2327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50726 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2025-06-02 | 6.4 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version. | ||||
| CVE-2019-25071 | 1 Apple | 1 Iphone Os | 2025-05-30 | 6.3 Medium |
| A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 migt be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims, that after examining the report they do not see any actual security implications. | ||||
| CVE-2024-51392 | 2025-05-30 | 8.8 High | ||
| An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component | ||||
| CVE-2025-4636 | 2025-05-30 | 7.8 High | ||
| Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user | ||||
| CVE-2023-43845 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-05-30 | 9.8 Critical |
| Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges. | ||||
| CVE-2024-28813 | 2 Infinera, Nokia | 3 Hit 7300, Hit 7300, Hit 7300 Firmware | 2025-05-30 | 8.4 High |
| An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. | ||||
| CVE-2024-40458 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.8 High |
| An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. | ||||
| CVE-2024-40459 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.8 High |
| An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function | ||||
| CVE-2024-40460 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.8 High |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE | ||||
| CVE-2024-40461 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.8 High |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component | ||||
| CVE-2024-40462 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.8 High |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component | ||||
| CVE-2024-41199 | 1 Ocuco | 1 Innovation | 2025-05-30 | 7.2 High |
| An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | ||||
| CVE-2023-51356 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | 8.8 High |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | ||||
| CVE-2023-47837 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | 8.3 High |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | ||||
| CVE-2022-35771 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | 7.8 High |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | ||||
| CVE-2022-35768 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-35765 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||
| CVE-2022-35764 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||
| CVE-2022-35763 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||
| CVE-2022-35762 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | 7.8 High |
| Storage Spaces Direct Elevation of Privilege Vulnerability | ||||