Total
2269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27798 | 1 Apple | 1 Macos | 2025-03-14 | N/A | 7.8 HIGH |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5. An attacker may be able to elevate privileges. | |||||
| CVE-2024-6512 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | N/A | 6.5 MEDIUM |
| Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | |||||
| CVE-2024-49209 | 1 Archerirm | 1 Archer | 2025-03-14 | N/A | 6.5 MEDIUM |
| Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons. | |||||
| CVE-2024-49208 | 1 Archerirm | 1 Archer | 2025-03-14 | N/A | 5.9 MEDIUM |
| Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons. | |||||
| CVE-2024-40771 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-14 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2024-46918 | 1 Misp | 1 Misp | 2025-03-13 | N/A | 4.9 MEDIUM |
| app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | |||||
| CVE-2023-52374 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Permission control vulnerability in the package management module.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-24500 | 2025-03-13 | N/A | N/A | ||
| The vulnerability allows an unauthenticated attacker to access information in PAM database. | |||||
| CVE-2025-29997 | 2025-03-13 | N/A | N/A | ||
| This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts. | |||||
| CVE-2023-51405 | 1 Reputeinfosystems | 1 Bookingpress | 2025-03-12 | N/A | 5.3 MEDIUM |
| Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74. | |||||
| CVE-2023-23506 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access user-sensitive data. | |||||
| CVE-2023-50946 | 3 Ibm, Linux, Microsoft | 4 Aix, Common Licensing, Linux Kernel and 1 more | 2025-03-11 | N/A | 6.5 MEDIUM |
| IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | |||||
| CVE-2023-23510 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access a user’s Safari history. | |||||
| CVE-2022-46704 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-27822 | 2025-03-07 | N/A | 7.5 HIGH | ||
| An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission. | |||||
| CVE-2023-42553 | 1 Samsung | 1 Email | 2025-03-06 | N/A | 4.0 MEDIUM |
| Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | |||||
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2025-03-06 | N/A | 4.0 MEDIUM |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | |||||
| CVE-2023-0328 | 1 Wpcode | 1 Wpcode | 2025-03-06 | N/A | 4.3 MEDIUM |
| The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). | |||||
| CVE-2023-22891 | 1 Smartbear | 1 Zephyr Enterprise | 2025-03-05 | N/A | 8.1 HIGH |
| There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | |||||
| CVE-2022-4315 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-03-04 | N/A | 5.0 MEDIUM |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | |||||