Total
2622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21301 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 6.5 MEDIUM |
| Windows Geolocation Service Information Disclosure Vulnerability | |||||
| CVE-2025-21293 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-24 | N/A | 8.8 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2025-0702 | 2025-01-24 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2024-35122 | 2025-01-24 | N/A | 2.8 LOW | ||
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. | |||||
| CVE-2024-47760 | 1 Glpi-project | 1 Glpi | 2025-01-23 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-2481 | 1 Surya2developer | 1 Hostel Management System | 2025-01-23 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-43748 | 1 Intel | 1 Graphics Performance Analyzers Framework | 2025-01-23 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-40071 | 1 Intel | 1 Graphics Performance Analyzers | 2025-01-23 | N/A | 7.3 HIGH |
| Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-10393 | 1 Themeum | 1 Tutor Lms | 2025-01-23 | N/A | 5.3 MEDIUM |
| The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | |||||
| CVE-2023-39244 | 1 Dell | 1 Enterprise Storage Integrator For Sap Landscape Management | 2025-01-23 | N/A | 7.3 HIGH |
| DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | |||||
| CVE-2024-25980 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 4.3 MEDIUM |
| Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | |||||
| CVE-2024-25981 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 4.3 MEDIUM |
| Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | |||||
| CVE-2024-51734 | 2025-01-22 | N/A | N/A | ||
| Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`. | |||||
| CVE-2025-0206 | 1 Code-projects | 1 Online Shoe Store | 2025-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-21340 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-21 | N/A | 5.5 MEDIUM |
| Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | |||||
| CVE-2024-0795 | 1 Mintplexlabs | 1 Anythingllm | 2025-01-21 | N/A | 7.2 HIGH |
| If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance | |||||
| CVE-2023-52711 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | N/A | 7.8 HIGH |
| Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM | |||||
| CVE-2023-52712 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | N/A | 7.8 HIGH |
| Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM | |||||
| CVE-2025-21405 | 1 Microsoft | 1 Visual Studio 2022 | 2025-01-17 | N/A | 7.3 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-55954 | 2025-01-16 | N/A | 8.7 HIGH | ||
| OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the highest-privileged account. Due to insufficient role checks, the `remove_user_from_org` function does not prevent an "Admin" user from removing a "Root" user. As a result, an attacker with an "Admin" role can remove critical "Root" users, potentially gaining effective full control by eliminating the highest-privileged accounts. The `DELETE /api/{org_id}/users/{email_id}` endpoint is affected. This issue has been addressed in release version `0.14.1` and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||