Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54879 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.1 CRITICAL |
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. | |||||
| CVE-2024-54880 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.1 CRITICAL |
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. | |||||
| CVE-2024-3545 | 1 Devolutions | 2 Devolutions Server, Remote Desktop Manager | 2025-03-28 | N/A | 4.3 MEDIUM |
| Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. | |||||
| CVE-2022-4139 | 1 Linux | 1 Linux Kernel | 2025-03-28 | N/A | 7.8 HIGH |
| An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2023-52373 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | N/A | 7.5 HIGH |
| Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing. | |||||
| CVE-2022-48296 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 5.3 MEDIUM |
| The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | |||||
| CVE-2022-48295 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
| The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | |||||
| CVE-2022-48301 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | N/A | 7.5 HIGH |
| The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | |||||
| CVE-2024-28746 | 1 Apache | 1 Airflow | 2025-03-20 | N/A | 8.1 HIGH |
| Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability | |||||
| CVE-2024-44193 | 1 Apple | 1 Itunes | 2025-03-13 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges. | |||||
| CVE-2023-52542 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 6.5 MEDIUM |
| Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2025-25711 | 2025-03-12 | N/A | 8.8 HIGH | ||
| An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint | |||||
| CVE-2024-56973 | 2025-02-28 | N/A | 9.8 CRITICAL | ||
| Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. | |||||
| CVE-2025-0914 | 2025-02-27 | N/A | 3.8 LOW | ||
| An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4. | |||||
| CVE-2023-28668 | 1 Jenkins | 1 Role-based Authorization Strategy | 2025-02-25 | N/A | 9.8 CRITICAL |
| Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. | |||||
| CVE-2023-6186 | 3 Debian, Fedoraproject, Libreoffice | 3 Debian Linux, Fedora, Libreoffice | 2025-02-13 | N/A | 8.3 HIGH |
| Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. | |||||
| CVE-2023-31926 | 1 Broadcom | 1 Brocade Fabric Operating System | 2025-02-13 | N/A | 7.1 HIGH |
| System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
| CVE-2024-36062 | 2025-02-10 | N/A | 4.0 MEDIUM | ||
| The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component. | |||||
| CVE-2020-36070 | 1 Thecontrolgroup | 1 Voyager | 2025-02-03 | N/A | 9.8 CRITICAL |
| Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | |||||
| CVE-2024-54557 | 1 Apple | 1 Macos | 2025-01-31 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system. | |||||