Total
1263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48070 | 2025-05-21 | N/A | 3.5 LOW | ||
| Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site scripting (XSS). Version 0.23 fixes the issue. | |||||
| CVE-2024-21012 | 3 Debian, Netapp, Oracle | 10 Debian Linux, Active Iq Unified Manager, Data Infrastructure Insights Acquisition Unit and 7 more | 2025-05-21 | N/A | 3.7 LOW |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2023-31359 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | N/A | 7.3 HIGH |
| Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2023-31358 | 1 Amd | 1 Aim-t Manageability Api | 2025-05-16 | N/A | 7.3 HIGH |
| A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-28954 | 2025-05-16 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20095 | 2025-05-16 | N/A | 6.7 MEDIUM | ||
| Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-47550 | 2025-05-16 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-45067 | 2025-05-16 | N/A | 8.2 HIGH | ||
| Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-4660 | 2 Forescout, Microsoft | 2 Secureconnector, Windows | 2025-05-15 | N/A | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. | |||||
| CVE-2022-40187 | 2 Bushnellgolf, Foresightsports | 4 Launch Pro, Launch Pro Firmware, Gc3 Launch Monitor and 1 more | 2025-05-15 | N/A | 8.0 HIGH |
| Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property. | |||||
| CVE-2024-46054 | 1 Davidguva | 1 Openvidreview | 2025-05-15 | N/A | 9.8 CRITICAL |
| OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. | |||||
| CVE-2024-36339 | 2025-05-13 | N/A | 7.3 HIGH | ||
| A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-21960 | 2025-05-13 | N/A | 7.3 HIGH | ||
| Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||||
| CVE-2021-33334 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. | |||||
| CVE-2021-33333 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs. | |||||
| CVE-2021-33324 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. | |||||
| CVE-2021-33327 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. | |||||
| CVE-2022-36439 | 1 Asus | 3 Asusliveupdate, Asussoftwaremanger, System Control Interface | 2025-05-13 | N/A | 6.0 MEDIUM |
| AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. | |||||
| CVE-2022-36438 | 1 Asus | 2 Asusswitch, System Control Interface | 2025-05-13 | N/A | 7.8 HIGH |
| AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. | |||||
| CVE-2024-26280 | 1 Apache | 1 Airflow | 2025-05-13 | N/A | 4.7 MEDIUM |
| Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability | |||||