Total
3294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40749 | 2025-01-08 | N/A | 7.5 HIGH | ||
| Improper Access Controls allows access to protected views. | |||||
| CVE-2024-49068 | 1 Microsoft | 1 Sharepoint Server | 2025-01-08 | N/A | 8.2 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-43600 | 1 Microsoft | 1 Office | 2025-01-08 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-43594 | 1 Microsoft | 3 System Center 2019, System Center 2022, System Center 2025 | 2025-01-08 | N/A | 7.3 HIGH |
| Microsoft System Center Elevation of Privilege Vulnerability | |||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | N/A | 7.3 HIGH |
| WmsRepair Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop, Windows 10 1507, Windows 10 1607 and 14 more | 2025-01-08 | N/A | 8.4 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2024-28917 | 1 Microsoft | 7 Azure Arc Extension Microsoft.azstackhci.operator, Azure Arc Extension Microsoft.azure.hybridnetwork, Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider and 4 more | 2025-01-07 | N/A | 6.2 MEDIUM |
| Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | |||||
| CVE-2024-37147 | 1 Glpi-project | 1 Glpi | 2025-01-07 | N/A | 4.3 MEDIUM |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16. | |||||
| CVE-2023-38946 | 1 Multilaser | 2 Re160, Re160 Firmware | 2025-01-07 | N/A | 8.8 HIGH |
| An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie. | |||||
| CVE-2023-38945 | 1 Multilaser | 6 Re160, Re160 Firmware, Re160v and 3 more | 2025-01-07 | N/A | 9.8 CRITICAL |
| Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL. | |||||
| CVE-2023-25174 | 1 Intel | 1 Chipset Device Software | 2025-01-07 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24546 | 1 Arista | 1 Cloudvision Portal | 2025-01-06 | N/A | 8.1 HIGH |
| On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service. | |||||
| CVE-2024-13145 | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13144 | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0227 | 2025-01-05 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html. The manipulation of the argument path leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0226 | 2025-01-05 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /collect/PortV4/downLoad.html. The manipulation of the argument path leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0224 | 2025-01-05 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13134 | 2025-01-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13133 | 2025-01-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanager/controller/StudentController. java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13042 | 2025-01-04 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew/Subject/download.html. The manipulation of the argument path leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||