Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24337 | 2025-01-21 | 8.4 High | ||
| WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. | ||||
| CVE-2024-2819 | 1 Hitachi | 1 Ops Center Common Services | 2025-01-21 | 5.1 Medium |
| Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | ||||
| CVE-2023-31923 | 1 Supremainc | 1 Biostar 2 | 2025-01-21 | 8.8 High |
| Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | ||||
| CVE-2025-22620 | 2025-01-21 | 5 Medium | ||
| gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some situations. This vulnerability is fixed in 0.17.0. | ||||
| CVE-2024-46310 | 2025-01-16 | 9.1 Critical | ||
| Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint | ||||
| CVE-2023-28161 | 1 Mozilla | 1 Firefox | 2025-01-09 | 8.8 High |
| If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. | ||||
| CVE-2024-54818 | 2025-01-08 | 8.8 High | ||
| SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list. | ||||
| CVE-2024-53934 | 2025-01-08 | 7.7 High | ||
| The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component. | ||||
| CVE-2024-54880 | 2025-01-07 | 9.1 Critical | ||
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. | ||||
| CVE-2024-54879 | 2025-01-07 | 9.1 Critical | ||
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. | ||||
| CVE-2024-46622 | 2025-01-07 | 9.8 Critical | ||
| An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion. | ||||
| CVE-2023-42867 | 1 Apple | 1 Garageband | 2025-01-06 | 7.8 High |
| This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges. | ||||
| CVE-2024-44211 | 1 Apple | 1 Macos | 2025-01-06 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | ||||
| CVE-2024-44223 | 1 Apple | 1 Macos | 2025-01-06 | 4.6 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window. | ||||
| CVE-2024-55507 | 2025-01-03 | 9.8 Critical | ||
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. | ||||
| CVE-2024-56317 | 2025-01-02 | 7.5 High | ||
| In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service. | ||||
| CVE-2024-22177 | 1 Openatom | 1 Openharmony | 2025-01-02 | 3.3 Low |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. | ||||
| CVE-2024-37649 | 2024-12-31 | 4.6 Medium | ||
| Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials. | ||||
| CVE-2024-54515 | 1 Apple | 1 Macos | 2024-12-21 | 7.8 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-54465 | 1 Apple | 1 Macos | 2024-12-21 | 9.8 Critical |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. | ||||