Total
1230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42128 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 5.3 MEDIUM |
| The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API. | |||||
| CVE-2022-42127 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | N/A | 5.3 MEDIUM |
| The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page. | |||||
| CVE-2025-32981 | 2025-04-29 | N/A | 7.1 HIGH | ||
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | |||||
| CVE-2025-42598 | 2025-04-29 | N/A | 7.8 HIGH | ||
| Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed. | |||||
| CVE-2022-37018 | 1 Hp | 150 Elite Slice, Elite Slice Firmware, Elite X2 1012 G1 and 147 more | 2025-04-29 | N/A | 8.4 HIGH |
| A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. | |||||
| CVE-2022-1038 | 1 Hp | 481 15-f200 Notebook Pc Touch, 240 G5 Notebook Pc, 240 G6 Notebook Pc and 478 more | 2025-04-29 | N/A | 7.8 HIGH |
| A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. | |||||
| CVE-2021-3437 | 1 Hp | 50 Envy Te01-0xxx, Envy Te01-1xxx, Envy Te01-2xxx and 47 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities. | |||||
| CVE-2022-30355 | 1 Ovaledge | 1 Ovaledge | 2025-04-28 | N/A | 9.8 CRITICAL |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. | |||||
| CVE-2022-42718 | 1 Ni | 1 Labview Command Line Interface | 2025-04-24 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2025-04-24 | N/A | 9.8 CRITICAL |
| An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | |||||
| CVE-2022-42446 | 1 Hcltech | 1 Sametime | 2025-04-24 | N/A | 6.5 MEDIUM |
| Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. | |||||
| CVE-2022-45562 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2025-04-24 | N/A | 8.8 HIGH |
| Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. | |||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | N/A | 9.8 CRITICAL |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | |||||
| CVE-2022-32207 | 6 Apple, Debian, Fedoraproject and 3 more | 19 Macos, Debian Linux, Fedora and 16 more | 2025-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||
| CVE-2022-46382 | 1 Rackn | 1 Digital Rebar | 2025-04-23 | N/A | 8.8 HIGH |
| RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the validation process of these tokens, Digital Rebar did not check if the user account still exists. Deleted Digital Rebar users could still use their tokens to perform actions within Digital Rebar. | |||||
| CVE-2023-49338 | 1 Couchbase | 1 Couchbase Server | 2025-04-23 | N/A | 7.5 HIGH |
| Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost. | |||||
| CVE-2024-20005 | 2 Google, Mediatek | 38 Android, Mt6761, Mt6762 and 35 more | 2025-04-22 | N/A | 8.2 HIGH |
| In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599. | |||||
| CVE-2024-48572 | 1 Aquila-cms | 1 Aquilacms | 2025-04-22 | N/A | 5.3 MEDIUM |
| A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. | |||||
| CVE-2022-20611 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242996180 | |||||
| CVE-2022-20475 | 1 Google | 1 Android | 2025-04-22 | N/A | 7.8 HIGH |
| In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194 | |||||