Total
2061 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23304 | 1 Garmin | 1 Connect-iq | 2025-01-31 | N/A | 9.1 CRITICAL |
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information. | |||||
CVE-2023-21117 | 1 Google | 1 Android | 2025-01-31 | N/A | 7.8 HIGH |
In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-263358101 | |||||
CVE-2024-1741 | 1 Lunary | 1 Lunary | 2025-01-31 | N/A | 9.1 CRITICAL |
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data. | |||||
CVE-2025-24460 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 4.3 MEDIUM |
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | |||||
CVE-2022-47874 | 1 Jedox | 2 Cloud, Jedox | 2025-01-30 | N/A | 6.5 MEDIUM |
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | |||||
CVE-2023-31435 | 1 Evasys | 1 Evasys | 2025-01-30 | N/A | 8.1 HIGH |
Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly. | |||||
CVE-2025-0781 | | | 2025-01-29 | N/A | 8.6 HIGH |
An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. | |||||
CVE-2023-24505 | 1 Milesight | 2 Ncr/camera, Ncr/camera Firmware | 2025-01-29 | N/A | 5.3 MEDIUM |
Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. | |||||
CVE-2023-23538 | 1 Apple | 1 Macos | 2025-01-29 | N/A | 5.5 MEDIUM |
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system. | |||||
CVE-2023-27954 | 2 Apple, Debian | 7 Ipados, Iphone Os, Macos and 4 more | 2025-01-29 | N/A | 6.5 MEDIUM |
The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information. | |||||
CVE-2023-27951 | 1 Apple | 1 Macos | 2025-01-29 | N/A | 5.5 MEDIUM |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper. | |||||
CVE-2020-23362 | 1 Yershop Project | 1 Yershop | 2025-01-29 | N/A | 7.1 HIGH |
Insecure Permissions vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | |||||
CVE-2024-41140 | | | 2025-01-29 | N/A | 8.1 HIGH |
Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function. | |||||
CVE-2025-24479 | | | 2025-01-28 | N/A | N/A |
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user. | |||||
CVE-2024-37002 | | | 2025-01-28 | N/A | 7.8 HIGH |
A maliciously crafted MODEL file, when parsed in ASMkern229A.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. | |||||
CVE-2023-41779 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | N/A | 4.4 MEDIUM |
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. | |||||
CVE-2018-13382 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-01-27 | 5.0 MEDIUM | 9.1 CRITICAL |
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests | |||||
CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | |||||
CVE-2024-36376 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions | |||||
CVE-2025-21403 | 1 Microsoft | 1 On-prem Data Gateway | 2025-01-27 | N/A | 6.4 MEDIUM |
On-Premises Data Gateway Information Disclosure Vulnerability |