Total: 21 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-2498 | 1 Gitlab | 1 Gitlab | 2025-08-15 | N/A | 4.3 MEDIUM | An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.
CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 6.5 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects.
CVE-2025-22839 | | | 2025-08-12 | N/A | N/A | Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
CVE-2025-5982 | 1 Gitlab | 1 Gitlab | 2025-08-12 | N/A | 7.5 HIGH | An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVE-2025-4979 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.
CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | N/A | N/A | An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVE-2025-7001 | 1 Gitlab | 1 Gitlab | 2025-07-28 | N/A | 2.7 LOW | An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable.
CVE-2025-1110 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVE-2025-32703 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-05-19 | N/A | 5.5 MEDIUM | Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVE-2024-33058 | | | 2025-04-07 | N/A | 7.5 HIGH | Memory corruption while assigning memory from the source DDR memory (HLOS) to ADSP.
CVE-2025-29987 | | | 2025-04-03 | N/A | N/A | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.
CVE-2025-20111 | | | 2025-02-26 | N/A | 7.4 HIGH | A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.
CVE-2024-39279 | | | 2025-02-12 | N/A | N/A | Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-39418 | 3 Debian, Postgresql, Redhat | 3 Debian Linux, Postgresql, Enterprise Linux | 2024-12-06 | N/A | 4.3 MEDIUM | A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2024-2412 | | | 2024-10-14 | N/A | 5.3 MEDIUM | The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
CVE-2024-6867 | 1 Lunary | 1 Lunary | 2024-09-19 | N/A | 6.5 MEDIUM | An information disclosure vulnerability exists in lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it returns not only the specified run but also all runs that have the `run_id` listed as their parent run. This issue affects the main branch, commit a761d833. The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run.
CVE-2023-50713 | 1 Specklesystems | 1 Speckle Server | 2023-12-28 | N/A | 5.0 MEDIUM | Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token an agent needs to authorise the request with an existing token (the 'requesting token'). The requesting token is required to have token write scope in order to generate new tokens. However, Speckle server was not verifying that other privileges granted to the new token were not in excess of the privileges of the requesting token. A malicious actor could use a token with only token write scope to subsequently generate further tokens with additional privileges. These privileges would only grant privileges up to the existing privileges of the user. This vulnerability cannot be used to escalate a user's privileges or grant privileges on behalf of other users. This has been patched as of version 2.17.6. All operators of Speckle servers should upgrade their server to version 2.17.6 or higher. Any users who authorized an application with 'token write' scope, or created a token in frontend-2 with `token write` scope should review existing tokens and permanently revoke any they do not recognize, revoke existing tokens and create new tokens, and review usage of their account for suspicious activity. No known workarounds for this issue exist.
CVE-2023-3227 | 1 Fossbilling | 1 Fossbilling | 2023-06-17 | N/A | 5.7 MEDIUM | Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2022-4813 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM | Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1.