Total: 1246 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-24399 | | | 2025-03-18 | 8.8 High |
Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by providing a username that differs only in letter case, potentially gaining administrator access to Jenkins. | ||||
CVE-2024-55959 | | | 2025-03-18 | 9.1 Critical |
Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. | ||||
CVE-2024-49737 | | | 2025-03-18 | 7.8 High |
In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-44151 | 1 Apple | 1 Macos | 2025-03-18 | 6.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-43765 | | | 2025-03-18 | 7.8 High |
In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-40792 | 1 Apple | 1 Macos | 2025-03-18 | 3.3 Low |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings. | ||||
CVE-2024-10469 | 1 Cert | 1 Vince | 2025-03-17 | 4.4 Medium |
VINCE versions before 3.0.9 are vulnerable to exposure of user information to authenticated users. | ||||
CVE-2024-51162 | 1 Audimex | 1 Audimexee | 2025-03-17 | 8.8 High |
An issue in Audimex EE versions 15.1.20 and earlier allows a remote attacker to escalate privileges. Analysis of the offline client code showed that any user (with any privilege) of Audimex can dump the whole Audimex database. This exposes the password hashes of any user, ongoing audit data and more. | ||||
CVE-2024-48823 | 1 Automatic Systems | 1 Maintenance Slimlane | 2025-03-15 | 9.8 Critical |
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. | ||||
CVE-2024-48572 | 1 Aquila | 1 Cms | 2025-03-14 | 5.3 Medium |
A user enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs because insufficiently validated user input is processed as a regular expression, which is then matched against email addresses to find duplicate entries. | ||||
CVE-2024-55957 | | | 2025-03-14 | 7.8 High |
In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. | ||||
CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | 5.5 Medium |
Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | ||||
CVE-2024-49732 | | | 2025-03-13 | 7.8 High |
In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-30977 | 1 Secnet Security Network Intelligent Ac Management System | 1 Secnet Security Network Intelligent Ac Management System | 2025-03-13 | 7.8 High |
An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. | ||||
CVE-2024-44228 | 1 Apple | 1 Xcode | 2025-03-13 | 7.5 High |
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | ||||
CVE-2023-52545 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2024-44786 | 1 Meabillis Cms | 1 Meabillis Cms | 2025-03-13 | 7.5 High |
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | ||||
CVE-2024-43769 | | | 2025-03-13 | 7.8 High |
In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-30415 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 9.1 Critical |
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
CVE-2023-52717 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 5.3 Medium |
Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. |