Total
3244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23203 | 1 Odoo | 1 Odoo | 2025-02-03 | 7.5 High |
| Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | ||||
| CVE-2024-4263 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 5.4 Medium |
| A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them. | ||||
| CVE-2022-1658 | 1 Artbees | 1 Jupiter | 2025-01-31 | 5.4 Medium |
| Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. | ||||
| CVE-2022-1659 | 1 Artbees | 1 Jupiterx | 2025-01-31 | 5.4 Medium |
| Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. | ||||
| CVE-2025-24885 | 2025-01-31 | 7.6 High | ||
| pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS. | ||||
| CVE-2024-45326 | 1 Fortinet | 1 Fortideceptor | 2025-01-31 | 3.9 Low |
| An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. | ||||
| CVE-2023-28070 | 1 Dell | 1 Alienware Command Center | 2025-01-30 | 6.7 Medium |
| Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. | ||||
| CVE-2023-25496 | 1 Lenovo | 1 Drivers Management | 2025-01-30 | 7.8 High |
| A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2023-2429 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-30 | 9.8 Critical |
| Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | ||||
| CVE-2025-0739 | 2025-01-30 | 8.6 High | ||
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/<SUSCBRIPTION_ID>". | ||||
| CVE-2025-0740 | 2025-01-30 | 8.6 High | ||
| An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHAT_ID” of the endpoint "/embedai/chats/load_messages?chat_id=<CHAT_ID>". | ||||
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2025-01-30 | 7.1 High |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2025-01-30 | 6.7 Medium |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2024-43530 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2025-01-30 | 7.8 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2025-01-29 | 7.5 High |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-01-29 | 7.8 High |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-29 | 4.8 Medium |
| Windows Remote Desktop Services Tampering Vulnerability | ||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2025-01-29 | 7.8 High |
| Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2025-01-29 | 9.6 Critical |
| An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2025-01-29 | 7.5 High |
| Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | ||||