Total
1894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24880 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more | 2025-01-01 | 4.4 Medium |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2023-21560 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 6.6 Medium |
| Windows Boot Manager Security Feature Bypass Vulnerability | ||||
| CVE-2024-39025 | 2024-12-31 | 7.5 High | ||
| Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | ||||
| CVE-2024-26016 | 1 Apache | 1 Superset | 2024-12-31 | 4.3 Medium |
| A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue. | ||||
| CVE-2024-24779 | 1 Apache | 1 Superset | 2024-12-31 | 5 Medium |
| Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | ||||
| CVE-2024-24773 | 1 Apache | 1 Superset | 2024-12-31 | 4.9 Medium |
| Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue. | ||||
| CVE-2022-31644 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | 7.8 High |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||||
| CVE-2022-31646 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | 7.8 High |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||||
| CVE-2024-50945 | 2024-12-28 | 7.5 High | ||
| An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product. | ||||
| CVE-2021-4352 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-12-28 | 5.3 Medium |
| The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin. | ||||
| CVE-2020-36710 | 1 Wpserveur | 1 Wps Hide Login | 2024-12-28 | 5.3 Medium |
| The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2. | ||||
| CVE-2024-47157 | 2024-12-27 | 2.9 Low | ||
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2024-47148 | 2024-12-26 | 4 Medium | ||
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2024-9902 | 1 Redhat | 4 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 1 more | 2024-12-24 | 6.3 Medium |
| A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. | ||||
| CVE-2023-4617 | 2024-12-20 | 10 Critical | ||
| Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9. | ||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2024-12-20 | 9.8 Critical |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | ||||
| CVE-2024-38856 | 1 Apache | 1 Ofbiz | 2024-12-20 | 9.8 Critical |
| Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | ||||
| CVE-2018-9374 | 1 Google | 2 Android, Pixel | 2024-12-18 | 7.8 High |
| In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-30260 | 3 Fedoraproject, Nodejs, Redhat | 3 Fedora, Undici, Openshift Devspaces | 2024-12-18 | 3.9 Low |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | ||||
| CVE-2024-54495 | 1 Apple | 1 Macos | 2024-12-18 | 5.5 Medium |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the file system. | ||||