Vulnerabilities (CVE)

Filtered by CWE-863
Total 1954 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-0781 2025-01-29 N/A 8.6 HIGH
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
CVE-2023-24505 1 Milesight 2 Ncr/camera, Ncr/camera Firmware 2025-01-29 N/A 5.3 MEDIUM
Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request.
CVE-2023-23538 1 Apple 1 Macos 2025-01-29 N/A 5.5 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system.
CVE-2023-27954 2 Apple, Debian 7 Ipados, Iphone Os, Macos and 4 more 2025-01-29 N/A 6.5 MEDIUM
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.
CVE-2023-27951 1 Apple 1 Macos 2025-01-29 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper.
CVE-2020-23362 1 Yershop Project 1 Yershop 2025-01-29 N/A 7.1 HIGH
Insecure Permissions vulnerability found in Shop_CMS YerShop, all versions, allows a remote attacker to escalate privileges via the cover_id parameter.
CVE-2024-41140 2025-01-29 N/A 8.1 HIGH
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to incorrect authorization in the update user function.
CVE-2025-24479 2025-01-28 N/A N/A
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user.
CVE-2024-37002 2025-01-28 N/A 7.8 HIGH
A maliciously crafted MODEL file, when parsed in ASMkern229A.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
CVE-2023-41779 1 Zte 1 Zxcloud Irai 2025-01-28 N/A 4.4 MEDIUM
There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash.
CVE-2018-13382 1 Fortinet 2 Fortios, Fortiproxy 2025-01-27 5.0 MEDIUM 9.1 CRITICAL
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
CVE-2024-36377 1 Jetbrains 1 Teamcity 2025-01-27 N/A 6.5 MEDIUM
In JetBrains TeamCity before 2024.03.2, certain TeamCity API endpoints did not check user permissions.
CVE-2024-36376 1 Jetbrains 1 Teamcity 2025-01-27 N/A 6.5 MEDIUM
In JetBrains TeamCity before 2024.03.2, users could perform actions that should not be available to them based on their permissions.
CVE-2025-21403 1 Microsoft 1 On-prem Data Gateway 2025-01-27 N/A 6.4 MEDIUM
On-Premises Data Gateway Information Disclosure Vulnerability
CVE-2023-28357 1 Rocket.chat 1 Rocket.chat 2025-01-27 N/A 4.3 MEDIUM
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.
CVE-2023-20880 1 Vmware 2 Aria Operations, Cloud Foundation 2025-01-27 N/A 6.7 MEDIUM
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2023-20877 1 Vmware 2 Cloud Foundation, Vrealize Operations 2025-01-27 N/A 8.8 HIGH
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2023-28325 1 Rocket.chat 1 Rocket.chat 2025-01-27 N/A 6.5 MEDIUM
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
CVE-2023-21116 1 Google 1 Android 2025-01-24 N/A 6.7 MEDIUM
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-256202273
CVE-2024-29834 1 Apache 1 Pulsar 2025-01-24 N/A 6.4 MEDIUM
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1. 3.0 Apache Pulsar users should upgrade to at least 3.0.4. 3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.