Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33081 | 1 Intel | 60 Ssd 600p, Ssd 600p Firmware, Ssd 660p and 57 more | 2025-02-05 | N/A | 4.4 MEDIUM |
| Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-33942 | 1 Intel | 1 Data Center Manager | 2025-02-05 | N/A | 8.8 HIGH |
| Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-02-05 | N/A | 6.5 MEDIUM |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | |||||
| CVE-2023-21087 | 1 Google | 1 Android | 2025-02-05 | N/A | 5.5 MEDIUM |
| In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | |||||
| CVE-2023-21098 | 1 Google | 1 Android | 2025-02-05 | N/A | 7.8 HIGH |
| In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867 | |||||
| CVE-2024-13545 | 1 G5plus | 1 Ultimate Bootstrap Elements For Elementor | 2025-02-05 | N/A | 9.8 CRITICAL |
| The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php://filter is enabled on the server, this issue may directly lead to Remote Code Execution. | |||||
| CVE-2022-35276 | 1 Intel | 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more | 2025-02-05 | N/A | 6.7 MEDIUM |
| Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-29922 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM |
| PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | |||||
| CVE-2022-38125 | 1 Secomea | 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more | 2025-02-05 | N/A | 5.5 MEDIUM |
| Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. | |||||
| CVE-2023-0317 | 1 Secomea | 1 Gatemanager | 2025-02-05 | N/A | 4.9 MEDIUM |
| Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. | |||||
| CVE-2024-5147 | 1 Wpzoom | 1 Wpzoom Elementor Addons | 2025-02-05 | N/A | N/A |
| The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13408 | 1 Pickplugins | 1 Post Grid | 2025-02-05 | N/A | 8.8 HIGH |
| The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | |||||
| CVE-2024-13409 | 1 Wpwax | 1 Post Grid\, Slider \& Carousel Ultimate | 2025-02-05 | N/A | 8.8 HIGH |
| The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13593 | 1 Bmltenabled | 1 Meeting Map | 2025-02-04 | N/A | 8.8 HIGH |
| The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-10324 | 1 Rometheme | 1 Romethemekit For Elementor | 2025-02-04 | N/A | 4.3 MEDIUM |
| The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | |||||
| CVE-2023-51544 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | N/A | 5.3 MEDIUM |
| Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0. | |||||
| CVE-2024-49382 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49383 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49384 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-23449 | 1 Elastic | 1 Elasticsearch | 2025-02-04 | N/A | 5.3 MEDIUM |
| An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. | |||||