Total: 3968 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-28312 | 1 Microsoft | 1 Azure Machine Learning | 2025-01-23 | 6.5 Medium |
Azure Machine Learning Information Disclosure Vulnerability | ||||
CVE-2023-28246 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2025-01-23 | 7.8 High |
Windows Registry Elevation of Privilege Vulnerability | ||||
CVE-2023-28300 | 1 Microsoft | 1 Azure Service Connector | 2025-01-23 | 7.5 High |
Azure Service Connector Security Feature Bypass Vulnerability | ||||
CVE-2024-51734 | 1 Zope | 1 Accesscontrol | 2025-01-22 | N/A |
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`. | ||||
CVE-2025-0206 | 1 Code-projects | 1 Online Shoe Store | 2025-01-22 | 5.3 Medium |
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-0795 | 1 Mintplexlabs | 1 Anythingllm | 2025-01-21 | 7.2 High |
If an attacker was given access to an instance with the admin or manager role, there is no backend authentication that would prevent the attacker from creating a new user with an `admin` role and then using this new account to have elevated privileges on the instance. | ||||
CVE-2023-52711 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | 7.8 High |
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM. | ||||
CVE-2023-52712 | 1 Huawei | 2 Curiem-wfg9b, Curiem-wfg9b Firmware | 2025-01-17 | 7.8 High |
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading to code execution in SMM. | ||||
CVE-2023-22600 | 1 Inhandnetworks | 4 Inrouter302, Inrouter302 Firmware, Inrouter615-s and 1 more | 2025-01-16 | 10 Critical |
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates. | ||||
CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | ||||
CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
An unauthorized user could possibly delete any file on the system. | ||||
CVE-2023-0451 | 1 Econolite | 1 Eos | 2025-01-16 | 7.5 High |
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians. | ||||
CVE-2023-22805 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 6.5 Medium |
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. | ||||
CVE-2023-22807 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 9.8 Critical |
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. | ||||
CVE-2023-0811 | 1 Omron | 256 Sysmac Cj2h-cpu64, Sysmac Cj2h-cpu64-eip, Sysmac Cj2h-cpu64-eip Firmware and 253 more | 2025-01-16 | 9.1 Critical |
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. | ||||
CVE-2023-42769 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2025-01-16 | 9.8 Critical |
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | ||||
CVE-2023-45228 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2025-01-16 | 6.5 Medium |
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters. | ||||
CVE-2023-46661 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 9.8 Critical |
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | ||||
CVE-2023-46662 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 7.5 High |
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information. | ||||
CVE-2023-46663 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 7.5 High |
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. |