Total
32192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27703 | 1 Mypikpak | 1 Pikpak | 2025-02-10 | N/A | 3.3 LOW |
The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface. | |||||
CVE-2023-27654 | 1 Whoapp | 1 Who | 2025-02-10 | N/A | 9.8 CRITICAL |
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component. | |||||
CVE-2023-27653 | 1 Whoapp | 1 Who | 2025-02-10 | N/A | 7.5 HIGH |
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. | |||||
CVE-2023-27651 | 1 Egostudiogroup | 1 Superclean | 2025-02-10 | N/A | 7.8 HIGH |
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file. | |||||
CVE-2023-27647 | 1 Dualspace | 1 Lock Master | 2025-02-10 | N/A | 7.1 HIGH |
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. | |||||
CVE-2023-23591 | 1 Terminalfour | 1 Terminalfour | 2025-02-10 | N/A | 4.9 MEDIUM |
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1. | |||||
CVE-2018-15472 | 1 Gitlab | 1 Gitlab | 2025-02-10 | N/A | 7.5 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | |||||
CVE-2024-6411 | 1 Metagauss | 1 Profilegrid | 2025-02-10 | N/A | 8.8 HIGH |
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator. | |||||
CVE-2024-37484 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-10 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation. This issue affects Zephyr Project Manager: from n/a through 3.3.97. | |||||
CVE-2025-0802 | 1 Mayurik | 1 Best Employee Management System | 2025-02-10 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-22515 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-02-09 | N/A | 9.8 CRITICAL |
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | |||||
CVE-2023-29580 | 1 Yasm Project | 1 Yasm | 2025-02-08 | N/A | 5.5 MEDIUM |
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. | |||||
CVE-2023-29574 | 1 Axiosys | 1 Bento4 | 2025-02-08 | N/A | 5.5 MEDIUM |
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component. | |||||
CVE-2023-29571 | 1 Cesanta | 1 Mjs | 2025-02-08 | N/A | 5.5 MEDIUM |
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
CVE-2022-45180 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 6.5 MEDIUM |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN}/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator). | |||||
CVE-2025-21185 | 1 Microsoft | 1 Edge Chromium | 2025-02-07 | N/A | 6.5 MEDIUM |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2022-45178 | 1 Liveboxcloud | 1 Vdesk | 2025-02-07 | N/A | 8.8 HIGH |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. | |||||
CVE-2024-20864 | 1 Samsung | 1 Android | 2025-02-07 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. | |||||
CVE-2024-20855 | 1 Samsung | 1 Android | 2025-02-07 | N/A | 2.4 LOW |
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. | |||||
CVE-2024-39557 | 1 Juniper | 1 Junos Os Evolved | 2025-02-07 | N/A | 6.5 MEDIUM |
An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command: `user@device> show platform application-info allocations app l2ald-agent` Sample output: `EVL Object Allocation Statistics:` `Node Application Context Name Live Allocs Fails Guids` `re0 l2ald-agent net::juniper::rtnh::L2Rtinfo 1069096 1069302 0 1069302` `re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195` This issue affects Junos OS Evolved: all versions before 21.4R3-S8-EVO; from 22.2-EVO before 22.2R3-S4-EVO; from 22.3-EVO before 22.3R3-S3-EVO; from 22.4-EVO before 22.4R3-EVO; from 23.2-EVO before 23.2R2-EVO. |