Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63384 | 1 Chipsalliance | 1 Rocketchip | 2026-02-05 | N/A | 6.5 MEDIUM |
| A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by the sstatus.SPP bit, the processor incorrectly remains in M-mode, leading to a critical privilege retention vulnerability. | |||||
| CVE-2026-1411 | 1 Beetel | 2 777vr1, 777vr1 Firmware | 2026-01-30 | 5.9 MEDIUM | 6.1 MEDIUM |
| A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14503 | 1 Amazon | 1 Harmonix | 2026-01-30 | N/A | 7.2 HIGH |
| An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1. | |||||
| CVE-2025-67953 | 2026-01-29 | N/A | 8.1 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44. | |||||
| CVE-2025-67966 | 2026-01-29 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3. | |||||
| CVE-2025-68027 | 2026-01-28 | N/A | 7.3 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32. | |||||
| CVE-2025-68869 | 2026-01-28 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.4.01. | |||||
| CVE-2024-54383 | 1 Wpwebelite | 1 Woocommerce Pdf Vouchers | 2026-01-28 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | |||||
| CVE-2025-69183 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | |||||
| CVE-2025-69182 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4. | |||||
| CVE-2025-50007 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4. | |||||
| CVE-2025-69293 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5. | |||||
| CVE-2025-69292 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. | |||||
| CVE-2026-23800 | 2026-01-26 | N/A | 10.0 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0. | |||||
| CVE-2026-22907 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-01-23 | N/A | 9.9 CRITICAL |
| An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. | |||||
| CVE-2026-22908 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-01-23 | N/A | 9.1 CRITICAL |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. | |||||
| CVE-2026-22914 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-01-23 | N/A | 4.3 MEDIUM |
| An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation. | |||||
| CVE-2026-22916 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-01-23 | N/A | 4.3 MEDIUM |
| An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration. | |||||
| CVE-2025-67279 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | N/A | 5.3 MEDIUM |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format | |||||
| CVE-2025-67278 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | N/A | 6.5 MEDIUM |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request | |||||