Total
2107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0358 | 2025-06-02 | N/A | 8.8 HIGH | ||
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | |||||
| CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
| CVE-2023-50726 | 1 Argoproj | 1 Argo Cd | 2025-06-02 | N/A | 6.4 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version. | |||||
| CVE-2024-51392 | 2025-05-30 | N/A | 8.8 HIGH | ||
| An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component | |||||
| CVE-2025-4636 | 2025-05-30 | N/A | 7.8 HIGH | ||
| Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user | |||||
| CVE-2023-43845 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges. | |||||
| CVE-2024-28813 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 8.4 HIGH |
| An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. | |||||
| CVE-2024-40458 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. | |||||
| CVE-2024-40459 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function | |||||
| CVE-2024-40460 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE | |||||
| CVE-2024-40461 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component | |||||
| CVE-2024-40462 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component | |||||
| CVE-2024-41199 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.2 HIGH |
| An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2023-51356 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | |||||
| CVE-2023-47837 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | N/A | 8.3 HIGH |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | |||||
| CVE-2022-35771 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | N/A | 7.8 HIGH |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | |||||
| CVE-2022-35768 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-35765 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | N/A | 7.8 HIGH |
| Storage Spaces Direct Elevation of Privilege Vulnerability | |||||
| CVE-2022-35764 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | N/A | 7.8 HIGH |
| Storage Spaces Direct Elevation of Privilege Vulnerability | |||||
| CVE-2022-35763 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-05-29 | N/A | 7.8 HIGH |
| Storage Spaces Direct Elevation of Privilege Vulnerability | |||||