Total
3244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13191 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13200 | 2025-01-09 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13201 | 2025-01-09 | 4.7 Medium | ||
| A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13210 | 2025-01-09 | 4.7 Medium | ||
| A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13211 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13212 | 2025-01-09 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0346 | 2025-01-09 | 4.7 Medium | ||
| A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28066 | 1 Dell | 1 Os Recovery Tool | 2025-01-08 | 7.3 High |
| Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | ||||
| CVE-2023-3095 | 1 Teampass | 1 Teampass | 2025-01-08 | 6.5 Medium |
| Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management | 2025-01-08 | 6.1 Medium |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | ||||
| CVE-2023-46601 | 1 Siemens | 1 Comos | 2025-01-08 | 9.6 Critical |
| A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to. | ||||
| CVE-2023-43505 | 1 Siemens | 1 Comos | 2025-01-08 | 9.6 Critical |
| A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to. | ||||
| CVE-2024-40749 | 2025-01-08 | 7.5 High | ||
| Improper Access Controls allows access to protected views. | ||||
| CVE-2023-21670 | 1 Qualcomm | 364 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 361 more | 2025-01-07 | 7.8 High |
| Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. | ||||
| CVE-2024-37147 | 1 Glpi-project | 1 Glpi | 2025-01-07 | 4.3 Medium |
| GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16. | ||||
| CVE-2023-38946 | 1 Multilaser | 2 Re160, Re160 Firmware | 2025-01-07 | 8.8 High |
| An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie. | ||||
| CVE-2023-38945 | 1 Multilaser | 6 Re160, Re160 Firmware, Re160v and 3 more | 2025-01-07 | 9.8 Critical |
| Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL. | ||||
| CVE-2023-25174 | 1 Intel | 1 Chipset Device Software | 2025-01-07 | 6.7 Medium |
| Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-11211 | 1 Eyoucms | 1 Eyoucms | 2025-01-06 | 4.7 Medium |
| A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-24546 | 1 Arista | 1 Cloudvision Portal | 2025-01-06 | 8.1 High |
| On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service. | ||||