Total
2480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22945 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-04-07 | N/A | 4.3 MEDIUM |
| In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | |||||
| CVE-2024-38392 | 2025-04-07 | N/A | 9.1 CRITICAL | ||
| Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. | |||||
| CVE-2024-54530 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-04 | N/A | 9.1 CRITICAL |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication. | |||||
| CVE-2005-2136 | 1 Raritan | 10 Dominion Sx16, Dominion Sx16 Firmware, Dominion Sx32 and 7 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users. | |||||
| CVE-2001-1155 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing. | |||||
| CVE-2024-20466 | 1 Cisco | 1 Identity Services Engine | 2025-03-31 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
| CVE-2024-0043 | 1 Google | 1 Android | 2025-03-29 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-31402 | 1 Cybozu | 1 Garoon | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | |||||
| CVE-2025-2003 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.1 HIGH |
| Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | |||||
| CVE-2024-12148 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | |||||
| CVE-2024-12196 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 6.5 MEDIUM |
| Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | |||||
| CVE-2024-11670 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 5.4 MEDIUM |
| Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. | |||||
| CVE-2024-11672 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 4.3 MEDIUM |
| Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | |||||
| CVE-2024-2915 | 1 Devolutions | 1 Devolutions Server | 2025-03-27 | N/A | 8.8 HIGH |
| Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. | |||||
| CVE-2022-45172 | 1 Liveboxcloud | 1 Vdesk | 2025-03-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. | |||||
| CVE-2023-24829 | 1 Apache | 1 Iotdb | 2025-03-27 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. | |||||
| CVE-2025-30741 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance. | |||||
| CVE-2023-50811 | 1 Seling | 1 Visual Access Manager | 2025-03-27 | N/A | 6.5 MEDIUM |
| An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one. | |||||
| CVE-2025-25274 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | |||||
| CVE-2025-27715 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | N/A | 3.3 LOW |
| Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them. | |||||