Total
32687 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1460 | 2 Microsoft, Msi | 2 Windows, Afterburner | 2025-10-14 | N/A | 5.6 MEDIUM |
| MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | |||||
| CVE-2024-20906 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2025-10-14 | N/A | 4.8 MEDIUM |
| Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-0799 | 1 Arcserve | 1 Udp | 2025-10-14 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin. | |||||
| CVE-2025-23367 | 1 Redhat | 2 Jboss Enterprise Application Platform, Wildfly | 2025-10-14 | N/A | 6.5 MEDIUM |
| A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. | |||||
| CVE-2024-4428 | 1 Menulux | 1 Managment Portal | 2025-10-14 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024. | |||||
| CVE-2024-4341 | 1 Extremepacs | 1 Extreme Xds | 2025-10-14 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. | |||||
| CVE-2024-4259 | 1 Sambas | 1 Akos | 2025-10-14 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | |||||
| CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2025-10-14 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | |||||
| CVE-2024-1744 | 1 Accordors | 1 Accord Ors | 2025-10-14 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1. | |||||
| CVE-2024-1662 | 1 Porty | 1 Powerbank | 2025-10-14 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02. | |||||
| CVE-2024-1153 | 1 Talyabilisim | 1 Travel Apps | 2025-10-14 | N/A | 4.6 MEDIUM |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68. | |||||
| CVE-2020-24028 | 1 Forlogic | 1 Qualiex | 2025-10-14 | 6.5 MEDIUM | 8.8 HIGH |
| ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced server-side, restricting actions to the user’s own permission scope." | |||||
| CVE-2024-4596 | 1 Kimai | 1 Kimai | 2025-10-10 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-28247 | 1 Pi-hole | 1 Pi-hole | 2025-10-10 | N/A | 7.6 HIGH |
| The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18. | |||||
| CVE-2025-59943 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-10-10 | N/A | 8.1 HIGH |
| phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13. | |||||
| CVE-2023-27539 | 2 Debian, Rack | 2 Debian Linux, Rack | 2025-10-10 | N/A | 5.3 MEDIUM |
| There is a denial of service vulnerability in the header parsing component of Rack. | |||||
| CVE-2024-23482 | 1 Zscaler | 1 Client Connector | 2025-10-10 | N/A | 7.0 HIGH |
| The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later. | |||||
| CVE-2024-43831 | 1 Linux | 1 Linux Kernel | 2025-10-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. | |||||
| CVE-2024-43832 | 1 Linux | 1 Linux Kernel | 2025-10-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After we dropped the PTL, the folio could get freed concurrently. So grab a temporary reference. | |||||
| CVE-2024-43865 | 1 Linux | 1 Linux Kernel | 2025-10-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state() With the recent rewrite of the fpu code exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid floating point register values cause an unhandled specification exception. | |||||