Total
3030 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21150 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-02-10 | N/A | 6.1 MEDIUM |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2019-20462 | 2025-02-10 | N/A | 5.3 MEDIUM | ||
| An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used. | |||||
| CVE-2025-0802 | 1 Mayurik | 1 Best Employee Management System | 2025-02-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-21185 | 1 Microsoft | 1 Edge Chromium | 2025-02-07 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2020-36831 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | N/A | 5.0 MEDIUM |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user. | |||||
| CVE-2022-26389 | 2025-02-07 | N/A | 7.7 HIGH | ||
| An improper access control vulnerability may allow privilege escalation.This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph: Versions 2.3.1 and prior; * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: Versions 2.2.0 and prior. | |||||
| CVE-2024-13457 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | N/A | 5.3 MEDIUM |
| The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view order details of orders they did not place, which includes ticket prices, user emails and order date. | |||||
| CVE-2025-0582 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely. | |||||
| CVE-2023-27350 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-02-07 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | |||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2025-02-07 | N/A | 5.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
| CVE-2024-3270 | 1 Thingsboard | 1 Thingsboard | 2025-02-07 | 4.7 MEDIUM | 3.8 LOW |
| A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7. | |||||
| CVE-2024-33898 | 2025-02-06 | N/A | 9.8 CRITICAL | ||
| Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. | |||||
| CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM |
| Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2019-1653 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2025-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. | |||||
| CVE-2024-47758 | 1 Glpi-project | 1 Glpi | 2025-02-06 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2025-0650 | 2025-02-06 | N/A | 8.1 HIGH | ||
| A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network. | |||||
| CVE-2024-25133 | 2025-02-06 | N/A | 8.8 HIGH | ||
| A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. | |||||
| CVE-2024-20397 | 2025-02-05 | N/A | 5.2 MEDIUM | ||
| A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. | |||||
| CVE-2022-36789 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2025-02-05 | N/A | 7.5 HIGH |
| Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-02-05 | N/A | 8.8 HIGH |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | |||||