Total
2439 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM |
| Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2019-1653 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2025-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. | |||||
| CVE-2024-47758 | 1 Glpi-project | 1 Glpi | 2025-02-06 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2025-0650 | 2025-02-06 | N/A | 8.1 HIGH | ||
| A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network. | |||||
| CVE-2024-25133 | 2025-02-06 | N/A | 8.8 HIGH | ||
| A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. | |||||
| CVE-2024-20397 | 2025-02-05 | N/A | 5.2 MEDIUM | ||
| A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. | |||||
| CVE-2022-36789 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2025-02-05 | N/A | 7.5 HIGH |
| Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-02-05 | N/A | 8.8 HIGH |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | |||||
| CVE-2023-52164 | 2025-02-05 | N/A | 5.1 MEDIUM | ||
| access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-29924 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 9.8 CRITICAL |
| PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | |||||
| CVE-2023-29922 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM |
| PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | |||||
| CVE-2023-29921 | 1 Powerjob | 1 Powerjob | 2025-02-05 | N/A | 5.3 MEDIUM |
| PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. | |||||
| CVE-2023-29586 | 1 Codesector | 1 Teracopy | 2025-02-05 | N/A | 5.5 MEDIUM |
| Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b. | |||||
| CVE-2022-35276 | 1 Intel | 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more | 2025-02-05 | N/A | 7.5 HIGH |
| Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24968 | 2025-02-04 | N/A | 8.8 HIGH | ||
| reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | |||||
| CVE-2024-36488 | 1 Intel | 1 Driver \& Support Assistant | 2025-02-04 | N/A | 7.3 HIGH |
| Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-43489 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 5.5 MEDIUM |
| Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-22459 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 6.8 MEDIUM |
| Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace | |||||
| CVE-2024-33647 | 2025-02-04 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. | |||||
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2025-02-04 | N/A | 7.8 HIGH |
| Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. | |||||