Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29518 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1094 1 Monicahq 1 Monica 2025-01-29 N/A 8.8 HIGH
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.
CVE-2024-38175 1 Microsoft 1 Azure Managed Instance For Apache Cassandra 2025-01-29 N/A 9.6 CRITICAL
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
CVE-2024-43477 1 Microsoft 1 Entra Id 2025-01-29 N/A 7.5 HIGH
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
CVE-2022-36537 1 Zkoss 1 Zk Framework 2025-01-29 N/A 7.5 HIGH
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.
CVE-2024-55193 1 Openimageio 1 Openimageio 2025-01-29 N/A 9.8 CRITICAL
OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
CVE-2023-1031 1 Monicahq 1 Monica 2025-01-29 N/A 8.8 HIGH
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.
CVE-2024-26270 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 N/A 6.5 MEDIUM
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.
CVE-2024-25962 1 Dell 1 Insightiq 2025-01-28 N/A 8.3 HIGH
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
CVE-2022-38090 1 Intel 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more 2025-01-28 N/A 6.0 MEDIUM
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-23591 1 Lenovo 2 Thinksystem Sr670 V2, Thinksystem Sr670 V2 Firmware 2025-01-28 N/A 2.0 LOW
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.
CVE-2024-1709 1 Connectwise 1 Screenconnect 2025-01-27 N/A 10.0 CRITICAL
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
CVE-2024-4978 1 Javs 1 Javs Viewer 2025-01-27 N/A 8.4 HIGH
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
CVE-2024-38112 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-01-27 N/A 7.5 HIGH
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-35142 1 Ibm 1 Security Verify Access Docker 2025-01-27 N/A 8.4 HIGH
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: 292418.
CVE-2023-31497 1 Seqrite 1 End Point Security 2025-01-27 N/A 7.8 HIGH
Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system.
CVE-2023-28360 1 Brave 1 Brave 2025-01-27 N/A 4.3 MEDIUM
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.
CVE-2024-1603 1 Paddlepaddle 1 Paddlepaddle 2025-01-24 N/A 7.5 HIGH
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
CVE-2023-21103 1 Google 1 Android 2025-01-24 N/A 5.5 MEDIUM
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622
CVE-2023-21116 1 Google 1 Android 2025-01-24 N/A 6.7 MEDIUM
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273
CVE-2023-29818 1 Webroot 1 Secureanywhere 2025-01-24 N/A 5.5 MEDIUM
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.