Total
29612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21262 | 1 Microsoft | 1 Edge Chromium | 2025-04-02 | 5.4 Medium |
| User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network | ||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-04-02 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2024-13446 | 1 Amentotech | 1 Workreap | 2025-04-02 | 9.8 Critical |
| The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5. | ||||
| CVE-2024-11300 | 1 Lunary | 1 Lunary | 2025-04-01 | 6.5 Medium |
| In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs, leading to potential exposure of critical information. | ||||
| CVE-2024-2611 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-04-01 | 5.5 Medium |
| A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2022-43997 | 1 Aternity | 1 Aternity | 2025-04-01 | 7.8 High |
| Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights. | ||||
| CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2025-04-01 | 7.4 High |
| All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
| CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2025-04-01 | 7.4 High |
| All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | ||||
| CVE-2022-25962 | 1 Vagrant.js Project | 1 Vagrant.js | 2025-04-01 | 7.4 High |
| All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. | ||||
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2025-04-01 | 7.4 High |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | ||||
| CVE-2023-22578 | 1 Sequelizejs | 1 Sequelize | 2025-04-01 | 10 Critical |
| Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. | ||||
| CVE-2022-45770 | 1 Adguard | 1 Adguard | 2025-03-31 | 7.8 High |
| Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | ||||
| CVE-2021-39333 | 1 Hashthemes | 1 Hashthemes Demo Importer | 2025-03-31 | 8.1 High |
| The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads. | ||||
| CVE-2022-46967 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2025-03-31 | 9.8 Critical |
| An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | ||||
| CVE-2024-55628 | 1 Oisf | 1 Suricata | 2025-03-31 | 7.5 High |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8. | ||||
| CVE-2021-29659 | 1 Owncloud | 1 Owncloud Server | 2025-03-31 | 6.5 Medium |
| ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance. | ||||
| CVE-2024-25169 | 1 Jupo | 1 Mezzanine | 2025-03-28 | 9.8 Critical |
| An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. | ||||
| CVE-2025-1771 | 1 Shinecommerce | 1 Traveler | 2025-03-28 | 9.8 Critical |
| The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | ||||
| CVE-2022-34405 | 1 Dell | 34 Alienware Area 51m R1, Alienware Area 51m R2, Alienware Aurora R10 and 31 more | 2025-03-28 | 7.3 High |
| An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system. | ||||
| CVE-2025-0190 | 1 Aimstack | 1 Aim | 2025-03-28 | 7.5 High |
| In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service. | ||||