Total: 2926 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38163 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | 7.8 High |
Windows Update Stack Elevation of Privilege Vulnerability | ||||
CVE-2023-3095 | 1 Teampass | 1 Teampass | 2025-01-08 | 6.5 Medium |
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management | 2025-01-08 | 6.1 Medium |
Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | ||||
CVE-2024-21424 | 1 Microsoft | 1 Azure Compute Gallery | 2025-01-08 | 6.5 Medium |
Azure Compute Gallery Elevation of Privilege Vulnerability | ||||
CVE-2024-26234 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | 6.7 Medium |
Proxy Driver Spoofing Vulnerability | ||||
CVE-2023-46601 | 1 Siemens | 1 Comos | 2025-01-08 | 9.6 Critical |
A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to. | ||||
CVE-2023-43505 | 1 Siemens | 1 Comos | 2025-01-08 | 9.6 Critical |
A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to. | ||||
CVE-2024-28922 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | 4.1 Medium |
Secure Boot Security Feature Bypass Vulnerability | ||||
CVE-2024-40749 | | | 2025-01-08 | 7.5 High |
Improper Access Controls allows access to protected views. | ||||
CVE-2023-21670 | 1 Qualcomm | 364 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 361 more | 2025-01-07 | 7.8 High |
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | ||||
CVE-2024-28917 | 1 Microsoft | 7 Azure Arc Extension Microsoft.azstackhci.operator, Azure Arc Extension Microsoft.azure.hybridnetwork, Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider and 4 more | 2025-01-07 | 6.2 Medium |
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | ||||
CVE-2024-37147 | 1 Glpi-project | 1 Glpi | 2025-01-07 | 4.3 Medium |
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16. | ||||
CVE-2023-2183 | 2 Grafana, Redhat | 2 Grafana, Ceph Storage | 2025-01-07 | 4.1 Medium |
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, preparing a phishing attack or blocking the SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix. | ||||
CVE-2023-38946 | 1 Multilaser | 2 Re160, Re160 Firmware | 2025-01-07 | 8.8 High |
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie. | ||||
CVE-2023-38945 | 1 Multilaser | 6 Re160, Re160 Firmware, Re160v and 3 more | 2025-01-07 | 9.8 Critical |
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL. | ||||
CVE-2023-25174 | 1 Intel | 1 Chipset Device Software | 2025-01-07 | 6.7 Medium |
Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2014-3120 | 3 Elasticsearch, Redhat, Rhel Sam | 7 Elasticsearch, Fuse Esb Enterprise, Fuse Management Console and 4 more | 2025-01-06 | N/A |
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. | ||||
CVE-2010-0738 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-01-06 | 5.3 Medium |
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | ||||
CVE-2024-11211 | 1 Eyoucms | 1 Eyoucms | 2025-01-06 | 4.7 Medium |
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-0206 | | | 2025-01-06 | 5.3 Medium |
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |