Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33058 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8035 and 375 more | 2025-10-03 | N/A | 7.5 HIGH |
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | |||||
| CVE-2025-7493 | 2025-10-02 | N/A | 9.1 CRITICAL | ||
| A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | |||||
| CVE-2024-21971 | 2025-09-23 | N/A | 5.5 MEDIUM | ||
| Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service. | |||||
| CVE-2024-21947 | 2025-09-23 | N/A | 7.5 HIGH | ||
| Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level. | |||||
| CVE-2023-31343 | 2025-09-23 | N/A | 7.5 HIGH | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | |||||
| CVE-2023-31342 | 2025-09-23 | N/A | 7.5 HIGH | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | |||||
| CVE-2023-40070 | 2 Apple, Intel | 2 Macos, Power Gadget | 2025-09-02 | N/A | 8.8 HIGH |
| Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-45217 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 8.8 HIGH |
| Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-13272 | 1 Paragraphs Table Project | 1 Paragraphs Table | 2025-08-27 | N/A | 6.3 MEDIUM |
| Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | |||||
| CVE-2024-8927 | 1 Php | 1 Php | 2025-08-19 | N/A | 7.5 HIGH |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | |||||
| CVE-2025-2498 | 1 Gitlab | 1 Gitlab | 2025-08-15 | N/A | 3.1 LOW |
| An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. | |||||
| CVE-2025-31961 | 2025-08-15 | N/A | 3.7 LOW | ||
| HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | |||||
| CVE-2023-43040 | 1 Ibm | 1 Storage Fusion Hci | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. | |||||
| CVE-2025-22839 | 2025-08-13 | N/A | 7.5 HIGH | ||
| Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 5.2 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | |||||
| CVE-2025-5982 | 1 Gitlab | 1 Gitlab | 2025-08-12 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2025-4979 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | |||||
| CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2024-11931 | 1 Gitlab | 1 Gitlab | 2025-08-05 | N/A | 6.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint. | |||||