Total
1954 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21558 | 2025-02-04 | N/A | 5.4 MEDIUM | ||
| Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2025-21554 | 2025-02-04 | N/A | 5.3 MEDIUM | ||
| Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-21553 | 2025-02-04 | N/A | 4.2 MEDIUM | ||
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2024-51417 | 2025-02-04 | N/A | 6.4 MEDIUM | ||
| An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields. | |||||
| CVE-2023-2257 | 3 Apple, Devolutions, Microsoft | 3 Macos, Workspace, Windows | 2025-02-04 | N/A | 7.8 HIGH |
| Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space. | |||||
| CVE-2024-12539 | 1 Elastic | 1 Elasticsearch | 2025-02-04 | N/A | 6.5 MEDIUM |
| An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. | |||||
| CVE-2024-53553 | 2025-02-03 | N/A | 9.1 CRITICAL | ||
| An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests. | |||||
| CVE-2024-57683 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. | |||||
| CVE-2024-57681 | 2025-02-03 | N/A | 5.3 MEDIUM | ||
| An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. | |||||
| CVE-2024-57680 | 2025-02-03 | N/A | 5.3 MEDIUM | ||
| An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request. | |||||
| CVE-2024-57679 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request. | |||||
| CVE-2024-57678 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request. | |||||
| CVE-2024-57677 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. | |||||
| CVE-2024-57676 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request. | |||||
| CVE-2024-3957 | 1 Booster | 1 Booster For Woocommerce | 2025-02-03 | N/A | 6.5 MEDIUM |
| The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. | |||||
| CVE-2022-25274 | 1 Drupal | 1 Drupal | 2025-02-03 | N/A | 5.4 MEDIUM |
| Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system. | |||||
| CVE-2023-27107 | 1 Myq-solution | 2 Central Server, Print Server | 2025-02-03 | N/A | 8.8 HIGH |
| Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | |||||
| CVE-2022-25091 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-02-03 | N/A | 5.3 MEDIUM |
| Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature. | |||||
| CVE-2021-44465 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 4.3 MEDIUM |
| Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. | |||||
| CVE-2021-23203 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 7.5 HIGH |
| Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | |||||