Total
29682 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2025-01-29 | N/A | 7.5 HIGH |
| Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | |||||
| CVE-2024-55193 | 1 Openimageio | 1 Openimageio | 2025-01-29 | N/A | 9.8 CRITICAL |
| OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. | |||||
| CVE-2023-1031 | 1 Monicahq | 1 Monica | 2025-01-29 | N/A | 8.8 HIGH |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | |||||
| CVE-2024-26270 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | N/A | 6.5 MEDIUM |
| The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password. | |||||
| CVE-2024-25962 | 1 Dell | 1 Insightiq | 2025-01-28 | N/A | 8.3 HIGH |
| Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data. | |||||
| CVE-2022-38090 | 1 Intel | 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more | 2025-01-28 | N/A | 6.0 MEDIUM |
| Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2023-31497 | 1 Seqrite | 1 End Point Security | 2025-01-27 | N/A | 7.8 HIGH |
| Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system. | |||||
| CVE-2023-28360 | 1 Brave | 1 Brave | 2025-01-27 | N/A | 4.3 MEDIUM |
| An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | |||||
| CVE-2024-1603 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-01-24 | N/A | 7.5 HIGH |
| paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. | |||||
| CVE-2023-21103 | 1 Google | 1 Android | 2025-01-24 | N/A | 5.5 MEDIUM |
| In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622 | |||||
| CVE-2023-21116 | 1 Google | 1 Android | 2025-01-24 | N/A | 6.7 MEDIUM |
| In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 | |||||
| CVE-2023-29818 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | |||||
| CVE-2024-3384 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 7.5 HIGH |
| A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. | |||||
| CVE-2024-3383 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | N/A | 7.4 HIGH |
| A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. | |||||
| CVE-2024-1882 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | N/A | 7.2 HIGH |
| This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. | |||||
| CVE-2024-1654 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | N/A | 7.2 HIGH |
| This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this. | |||||
| CVE-2024-1223 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | N/A | 4.8 MEDIUM |
| This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state. | |||||
| CVE-2024-1222 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | N/A | 8.6 HIGH |
| This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls. | |||||
| CVE-2024-1221 | 3 Apple, Linux, Papercut | 4 Macos, Linux Kernel, Papercut Mf and 1 more | 2025-01-23 | N/A | 3.1 LOW |
| This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers. | |||||
| CVE-2023-29862 | 1 Agasio Camera Project | 2 Agasio Camera, Agasio Camera Firmware | 2025-01-23 | N/A | 9.8 CRITICAL |
| An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | |||||