Total: 29527 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-49804 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | N/A | 7.8 HIGH |
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | |||||
CVE-2022-26024 | 1 Intel | 22 Nuc7i3dnbe, Nuc7i3dnbe Firmware, Nuc7i3dnhe and 19 more | 2025-01-29 | N/A | 7.8 HIGH |
Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-45647 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-01-29 | N/A | 9.8 CRITICAL |
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without prior knowledge of that password. | |||||
CVE-2024-35141 | 1 Ibm | 1 Security Verify Access Docker | 2025-01-29 | N/A | 7.8 HIGH |
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | |||||
CVE-2023-30282 | 1 Prestashop | 1 Scexportcustomers | 2025-01-29 | N/A | 7.5 HIGH |
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permission control, a guest can access exports from the module, which can lead to a leak of personal information from the customer table. | |||||
CVE-2023-30331 | 1 Beetl Project | 1 Beetl | 2025-01-29 | N/A | 9.8 CRITICAL |
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. | |||||
CVE-2025-23019 | 1 Ietf | 1 Ipv6 | 2025-01-29 | N/A | 6.5 MEDIUM |
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. | |||||
CVE-2025-23018 | 1 Ietf | 1 Ipv6 | 2025-01-29 | N/A | 6.5 MEDIUM |
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136. | |||||
CVE-2023-1094 | 1 Monicahq | 1 Monica | 2025-01-29 | N/A | 8.8 HIGH |
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | |||||
CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2025-01-29 | N/A | 8.8 HIGH |
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | |||||
CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2025-01-29 | N/A | N/A |
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | |||||
CVE-2024-55193 | 1 Openimageio | 1 Openimageio | 2025-01-29 | N/A | 9.8 CRITICAL |
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | |||||
CVE-2023-1031 | 1 Monicahq | 1 Monica | 2025-01-29 | N/A | 8.8 HIGH |
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | |||||
CVE-2024-26270 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | N/A | 5.3 MEDIUM |
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password. | |||||
CVE-2024-25962 | 1 Dell | 1 Insightiq | 2025-01-28 | N/A | 6.5 MEDIUM |
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | |||||
CVE-2022-38090 | 1 Intel | 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more | 2025-01-28 | N/A | 4.4 MEDIUM |
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | |||||
CVE-2024-1709 | 1 Connectwise | 1 Screenconnect | 2025-01-27 | N/A | 10.0 CRITICAL |
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | |||||
CVE-2024-4978 | 1 Javs | 1 Javs Viewer | 2025-01-27 | N/A | 8.4 HIGH |
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands. | |||||
CVE-2024-38112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-27 | N/A | N/A |
Windows MSHTML Platform Spoofing Vulnerability | |||||
CVE-2024-35142 | 1 Ibm | 1 Security Verify Access Docker | 2025-01-27 | N/A | 7.8 HIGH |
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418. |