Total
791 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43602 | 1 Microsoft | 1 Azure Cyclecloud | 2025-01-30 | 9.9 Critical |
| Azure CycleCloud Remote Code Execution Vulnerability | ||||
| CVE-2024-38129 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-29 | 7.5 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2023-2534 | 1 Otrs | 1 Otrs | 2025-01-29 | 7.6 High |
| Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32. | ||||
| CVE-2023-28318 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-28 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | ||||
| CVE-2023-28317 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-28 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | ||||
| CVE-2022-43465 | 1 Intel | 1 Setup And Configuration Software | 2025-01-27 | 5 Medium |
| Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-45128 | 1 Intel | 1 Endpoint Management Assistant | 2025-01-27 | 5 Medium |
| Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-41610 | 1 Intel | 2 Endpoint Management Assistant Configuration Tool, Manageability Commander | 2025-01-27 | 5 Medium |
| Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-28325 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 6.5 Medium |
| An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | ||||
| CVE-2024-3139 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-24 | 5.4 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-26193 | 1 Microsoft | 1 Azure Migrate | 2025-01-23 | 6.4 Medium |
| Azure Migrate Remote Code Execution Vulnerability | ||||
| CVE-2025-21520 | 2 Oracle, Redhat | 3 Mysql Cluster, Mysql Server, Enterprise Linux | 2025-01-22 | 1.8 Low |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N). | ||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-01-22 | 4.3 Medium |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | ||||
| CVE-2022-45450 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2025-01-22 | 7.5 High |
| Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. | ||||
| CVE-2023-2782 | 1 Acronis | 1 Cyber Infrastructure | 2025-01-22 | 5.5 Medium |
| Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. | ||||
| CVE-2025-0580 | 2025-01-21 | 5.6 Medium | ||
| A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2025-01-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | ||||
| CVE-2025-0484 | 2025-01-15 | 7.3 High | ||
| A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-43731 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 4.3 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-43729 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 6.5 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of this issue does not require user interaction. | ||||