Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8053 | 2025-10-21 | N/A | N/A | ||
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2. | |||||
| CVE-2025-8049 | 2025-10-21 | N/A | N/A | ||
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2. | |||||
| CVE-2025-54461 | 2025-10-16 | N/A | 5.3 MEDIUM | ||
| ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user. | |||||
| CVE-2024-29200 | 1 Kimai | 1 Kimai | 2025-10-10 | N/A | 6.8 MEDIUM |
| Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. | |||||
| CVE-2025-31961 | 1 Hcltech | 1 Connections | 2025-10-10 | N/A | 3.7 LOW |
| HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | |||||
| CVE-2025-7493 | 2025-10-09 | N/A | 9.1 CRITICAL | ||
| A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration. | |||||
| CVE-2024-33058 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8035 and 375 more | 2025-10-03 | N/A | 7.5 HIGH |
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | |||||
| CVE-2024-21971 | 2025-09-23 | N/A | 5.5 MEDIUM | ||
| Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service. | |||||
| CVE-2024-21947 | 2025-09-23 | N/A | 7.5 HIGH | ||
| Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level. | |||||
| CVE-2023-31343 | 2025-09-23 | N/A | 7.5 HIGH | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | |||||
| CVE-2023-31342 | 2025-09-23 | N/A | 7.5 HIGH | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | |||||
| CVE-2023-40070 | 2 Apple, Intel | 2 Macos, Power Gadget | 2025-09-02 | N/A | 8.8 HIGH |
| Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-45217 | 2 Intel, Microsoft | 2 Power Gadget, Windows | 2025-08-28 | N/A | 8.8 HIGH |
| Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-13272 | 1 Paragraphs Table Project | 1 Paragraphs Table | 2025-08-27 | N/A | 6.3 MEDIUM |
| Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | |||||
| CVE-2024-8927 | 1 Php | 1 Php | 2025-08-19 | N/A | 7.5 HIGH |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | |||||
| CVE-2025-2498 | 1 Gitlab | 1 Gitlab | 2025-08-15 | N/A | 3.1 LOW |
| An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. | |||||
| CVE-2023-43040 | 1 Ibm | 1 Storage Fusion Hci | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. | |||||
| CVE-2025-22839 | 2025-08-13 | N/A | 7.5 HIGH | ||
| Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 5.2 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | |||||
| CVE-2025-5982 | 1 Gitlab | 1 Gitlab | 2025-08-12 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||