Total
1894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21403 | 2025-01-15 | 6.4 Medium | ||
| On-Premises Data Gateway Information Disclosure Vulnerability | ||||
| CVE-2023-28249 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-14 | 6.2 Medium |
| Windows Boot Manager Security Feature Bypass Vulnerability | ||||
| CVE-2023-28270 | 1 Microsoft | 8 Windows 10 1809, Windows 10 20h2, Windows 10 21h2 and 5 more | 2025-01-14 | 6.8 Medium |
| Windows Lock Screen Security Feature Bypass Vulnerability | ||||
| CVE-2023-33779 | 1 Xuxueli | 1 Xxl-job | 2025-01-14 | 8.8 High |
| A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. | ||||
| CVE-2021-26563 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 8.2 High |
| Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2024-13266 | 2025-01-14 | 5.3 Medium | ||
| Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | ||||
| CVE-2024-13290 | 2025-01-14 | 5.3 Medium | ||
| Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | ||||
| CVE-2023-24600 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 4.3 Medium |
| OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. | ||||
| CVE-2025-0237 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-01-13 | 5.4 Medium |
| The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. | ||||
| CVE-2023-28352 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 7.4 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled. | ||||
| CVE-2023-0814 | 1 Cozmoslabs | 1 Profile Builder | 2025-01-13 | 6.5 Medium |
| The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. This does require the Usermeta shortcode be enabled to be exploited. | ||||
| CVE-2022-45353 | 1 Muffingroup | 1 Betheme | 2025-01-13 | 4.3 Medium |
| Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | ||||
| CVE-2020-9081 | 1 Huawei | 14 Mate 20, Mate 20 Firmware, P30 and 11 more | 2025-01-10 | 3.5 Low |
| There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081. | ||||
| CVE-2024-13291 | 2025-01-10 | 7.3 High | ||
| Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | ||||
| CVE-2024-13302 | 2025-01-10 | 5.3 Medium | ||
| Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. | ||||
| CVE-2023-25729 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-10 | 8.8 High |
| Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||||
| CVE-2023-23604 | 1 Mozilla | 1 Firefox | 2025-01-10 | 6.5 Medium |
| A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. | ||||
| CVE-2024-13282 | 2025-01-10 | 8.8 High | ||
| Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0. | ||||
| CVE-2024-13281 | 2025-01-10 | 9.1 Critical | ||
| Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. | ||||
| CVE-2024-13278 | 2025-01-10 | 9.1 Critical | ||
| Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. | ||||