Total
1325 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21551 | 2025-03-13 | N/A | 6.0 MEDIUM | ||
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). | |||||
| CVE-2023-52554 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 6.5 MEDIUM |
| Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-42449 | 2025-03-13 | N/A | 7.1 HIGH | ||
| From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | |||||
| CVE-2024-0019 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.0 MEDIUM |
| In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-49582 | 1 Apache | 1 Portable Runtime | 2025-03-13 | N/A | 5.5 MEDIUM |
| Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue. | |||||
| CVE-2024-24117 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. | |||||
| CVE-2023-24205 | 1 Clash Project | 1 Clash | 2025-03-12 | N/A | 9.8 CRITICAL |
| Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | |||||
| CVE-2025-22454 | 2025-03-11 | N/A | 7.8 HIGH | ||
| Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2025-1067 | 1 Esri | 2 Arcgis Allsource, Arcgis Pro | 2025-03-04 | N/A | 7.3 HIGH |
| There is an untrusted search path vulnerability in Esri ArcGIS Pro 3.3 and 3.4 that may allow a low privileged attacker with write privileges to the local file system to introduce a malicious executable to the filesystem. When the victim performs a specific action using ArcGIS ArcGIS Pro, the file could execute and run malicious commands under the context of the victim. This issue is addressed in ArcGIS Pro 3.3.3 and 3.4.1. | |||||
| CVE-2023-49257 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-03-03 | N/A | 8.8 HIGH |
| An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | |||||
| CVE-2025-27141 | 1 Metabase | 1 Metabase | 2025-02-28 | N/A | 6.5 MEDIUM |
| Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see results of cached questions, even if their permissions don’t allow them to see the data. If some user runs a question which gets cached, and then an impersonated user runs that question, then the impersonated user sees the same results as the previous user. These cached results may include data the impersonated user should not have access to. This vulnerability only impacts the Enterprise Edition of Metabase and not the Open Source Edition. Versions 1.53.2, 1.52.11, 1.51.14, and 1.50.36 contains a patch. Versions on the 1.49.X, 1.48.X, and 1.47.X branches are vulnerable but do not have a patch available, so users should upgrade to a major version with an available fix. Disabling question caching is a workaround for this issue. | |||||
| CVE-2023-27084 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2025-02-26 | N/A | 5.3 MEDIUM |
| Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | |||||
| CVE-2023-27095 | 1 Opengoofy | 1 Hippo4j | 2025-02-26 | N/A | 6.5 MEDIUM |
| Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | |||||
| CVE-2024-25644 | 1 Sap | 1 Netweaver | 2025-02-26 | N/A | 5.3 MEDIUM |
| Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. | |||||
| CVE-2024-25561 | 1 Intel | 19 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 16 more | 2025-02-25 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24527 | 2025-02-24 | N/A | 8.0 HIGH | ||
| An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. | |||||
| CVE-2024-13813 | 1 Ivanti | 1 Secure Access Client | 2025-02-20 | N/A | 7.1 HIGH |
| Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. | |||||
| CVE-2025-0064 | 2025-02-18 | N/A | 8.7 HIGH | ||
| Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability. | |||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2025-02-18 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | |||||
| CVE-2023-38037 | 2025-02-15 | N/A | 5.5 MEDIUM | ||
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||