Total: 2898 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-29586 | 1 Codesector | 1 Teracopy | 2025-02-05 | N/A | 5.5 MEDIUM | Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to arbitrary file read by allowing any user to copy any directory in the system to a directory they control. NOTE: the supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b. |
| CVE-2022-35276 | | | 2025-02-05 | N/A | 7.5 HIGH | Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-36488 | 1 Intel | 1 Driver & Support Assistant | 2025-02-04 | N/A | 7.3 HIGH | Improper access control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2023-43489 | 1 Intel | 1 Computing Improvement Program | 2025-02-04 | N/A | 5.5 MEDIUM | Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-22459 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | N/A | 6.8 MEDIUM | Dell ECS, versions 3.6 through 3.6.2.5, 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4, contain an improper access control vulnerability. A remote high-privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace. |
| CVE-2024-33647 | | | 2025-02-04 | N/A | 6.5 MEDIUM | A vulnerability has been identified in Polarion ALM (all versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. |
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2025-02-04 | N/A | 7.8 HIGH | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and elevation of privileges. |
| CVE-2024-24902 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-02-04 | N/A | 6.6 MEDIUM | Dell RecoverPoint for Virtual Machines 6.0.x contains an improper access control vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to gaining access to unauthorized data for a limited time. |
| CVE-2024-13514 | | | 2025-02-04 | N/A | 4.3 MEDIUM | The B Slider - Gutenberg Slider Block for WP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to. |
| CVE-2024-35177 | | | 2025-02-03 | N/A | 7.8 HIGH | Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a local privilege escalation vulnerability due to an improper ACL on the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLLs that are loaded but not present on the system in the installation folder of the agent, or by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g. C:\wazuh). Many DLLs are loaded from the installation folder, and by creating a malicious DLL that exports the functions of a legitimate one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2021-44465 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 4.3 MEDIUM | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. |
| CVE-2021-23203 | 1 Odoo | 1 Odoo | 2025-02-03 | N/A | 7.5 HIGH | Improper access control in the reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. |
| CVE-2024-4263 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | N/A | 5.4 MEDIUM | A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low-privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low-privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them. |
| CVE-2024-45326 | 1 Fortinet | 1 Fortideceptor | 2025-01-31 | N/A | 4.3 MEDIUM | An improper access control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, and version 5.0.0 may allow an authenticated attacker with no privileges to perform operations on the central management appliance via crafted requests. |
| CVE-2025-24885 | | | 2025-01-30 | N/A | 7.6 HIGH | pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages allows users to create stored XSS. |
| CVE-2023-2429 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-30 | N/A | 9.8 CRITICAL | Improper access control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. |
| CVE-2025-0740 | | | 2025-01-30 | N/A | 8.6 HIGH | An improper access control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the "CHAT_ID" of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>". |
| CVE-2025-0739 | | | 2025-01-30 | N/A | 8.6 HIGH | An improper access control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to view the subscription information of other users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>". |
| CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2025-01-29 | N/A | 9.6 CRITICAL | An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. |
| CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2025-01-29 | N/A | 7.5 HIGH | Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable IDs on another tenant. |