Total
130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3364 | 2025-04-08 | N/A | 6.7 MEDIUM | ||
| The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. | |||||
| CVE-2018-25078 | 1 Man-db Project | 1 Man-db | 2025-04-02 | N/A | 7.8 HIGH |
| man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) | |||||
| CVE-2024-21003 | 2 Netapp, Oracle | 8 Active Iq Unified Manager, Data Infrastructure Insights Acquisition Unit, Data Infrastructure Insights Storage Workload Security Agent and 5 more | 2025-03-29 | N/A | 3.1 LOW |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2024-11821 | 2025-03-20 | N/A | 4.3 MEDIUM | ||
| A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unauthorized users to alter chatbot configurations. | |||||
| CVE-2024-48013 | 2025-03-17 | N/A | 8.8 HIGH | ||
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2024-20999 | 1 Oracle | 1 Solaris | 2025-03-17 | N/A | 8.2 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2025-22368 | 2025-03-11 | N/A | N/A | ||
| The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS. | |||||
| CVE-2025-22367 | 2025-03-11 | N/A | N/A | ||
| The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS. | |||||
| CVE-2025-22366 | 2025-03-11 | N/A | N/A | ||
| The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS. | |||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | N/A | 4.4 MEDIUM |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | |||||
| CVE-2023-27010 | 1 Wondershare | 1 Dr.fone | 2025-03-03 | N/A | 7.8 HIGH |
| Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. | |||||
| CVE-2024-43583 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-25 | N/A | 7.8 HIGH |
| Winlogon Elevation of Privilege Vulnerability | |||||
| CVE-2023-27247 | 1 Cynet | 1 Client Agent | 2025-02-18 | N/A | 4.4 MEDIUM |
| Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens. | |||||
| CVE-2025-24814 | 2025-02-15 | N/A | 5.4 MEDIUM | ||
| Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "<lib>" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "<lib>" tags by default. | |||||
| CVE-2024-2240 | 2025-02-14 | N/A | N/A | ||
| Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. | |||||
| CVE-2024-8266 | 2025-02-13 | N/A | 4.4 MEDIUM | ||
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances. | |||||
| CVE-2024-7102 | 2025-02-13 | N/A | 9.6 CRITICAL | ||
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2024-12673 | 2025-02-12 | N/A | 7.8 HIGH | ||
| An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) | |||||
| CVE-2024-21924 | 2025-02-11 | N/A | 8.2 HIGH | ||
| SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution. | |||||
| CVE-2025-22890 | 2025-02-06 | N/A | 6.5 MEDIUM | ||
| Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. | |||||