Total
2614 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28818 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2025-03-14 | N/A | 5.9 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information. | |||||
| CVE-2024-38873 | 2025-03-14 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension. | |||||
| CVE-2024-40812 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-14 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements. | |||||
| CVE-2024-40531 | 2025-03-14 | N/A | 8.8 HIGH | ||
| A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions. | |||||
| CVE-2023-20579 | 1 Amd | 258 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250c and 255 more | 2025-03-14 | N/A | 6.0 MEDIUM |
| Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | |||||
| CVE-2019-11634 | 1 Citrix | 2 Receiver, Workspace | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix Workspace App before 1904 for Windows has Incorrect Access Control. | |||||
| CVE-2024-30481 | 1 Jch Optimize Project | 1 Jch Optimize | 2025-03-14 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0. | |||||
| CVE-2024-1675 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-14 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-41250 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-14 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | |||||
| CVE-2024-40480 | 1 Jayesh | 1 Online Exam System | 2025-03-14 | N/A | 9.8 CRITICAL |
| A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | |||||
| CVE-2024-28805 | 2025-03-14 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. | |||||
| CVE-2024-47975 | 2025-03-14 | N/A | 7.0 HIGH | ||
| Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. | |||||
| CVE-2024-1898 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | N/A | 4.3 MEDIUM |
| Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. | |||||
| CVE-2022-41324 | 2025-03-14 | N/A | 6.5 MEDIUM | ||
| Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. | |||||
| CVE-2024-41912 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. | |||||
| CVE-2024-41251 | 1 Lopalopa | 1 Responsive School Management System | 2025-03-13 | N/A | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | |||||
| CVE-2024-25501 | 2025-03-13 | N/A | 8.8 HIGH | ||
| An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. | |||||
| CVE-2024-20929 | 1 Oracle | 1 Application Object Library | 2025-03-13 | N/A | 6.5 MEDIUM |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2024-47976 | 2025-03-13 | N/A | 6.7 MEDIUM | ||
| Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | |||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | N/A | 4.3 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | |||||