Total
5004 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22074 | 1 Dynamsoft | 1 Dynamsoft Service | 2025-03-18 | 9.8 Critical |
| Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212. | ||||
| CVE-2023-24484 | 1 Citrix | 1 Workspace | 2025-03-18 | 5.5 Medium |
| A malicious user can cause log files to be written to a directory that they do not have permission to write to. | ||||
| CVE-2024-26310 | 1 Archerirm | 1 Archer | 2025-03-18 | 4.3 Medium |
| Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges. | ||||
| CVE-2024-20927 | 1 Oracle | 1 Weblogic Server | 2025-03-18 | 8.6 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N). | ||||
| CVE-2024-31805 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 6.5 Medium |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | ||||
| CVE-2023-24320 | 1 Axcora | 1 Axcora | 2025-03-18 | 9.8 Critical |
| An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2022-23240 | 1 Netapp | 1 Active Iq Unified Manager | 2025-03-18 | 6.5 Medium |
| Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. | ||||
| CVE-2024-21113 | 1 Oracle | 1 Vm Virtualbox | 2025-03-18 | 8.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2024-21132 | 1 Oracle | 1 Purchasing | 2025-03-17 | 5.4 Medium |
| Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Purchasing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Purchasing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Purchasing accessible data as well as unauthorized read access to a subset of Oracle Purchasing accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-28818 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2025-03-17 | 5.9 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information. | ||||
| CVE-2023-20579 | 1 Amd | 258 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250c and 255 more | 2025-03-14 | 4.4 Medium |
| Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | ||||
| CVE-2024-30481 | 1 Jch Optimize Project | 1 Jch Optimize | 2025-03-14 | 6.5 Medium |
| Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0. | ||||
| CVE-2024-1675 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-14 | 8.8 High |
| Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-41250 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2025-03-14 | 5.3 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | ||||
| CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2025-03-14 | 9.8 Critical |
| A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | ||||
| CVE-2024-1898 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | 3.9 Low |
| Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. | ||||
| CVE-2024-2313 | 1 Redhat | 1 Enterprise Linux | 2025-03-13 | 2.8 Low |
| If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | ||||
| CVE-2024-41251 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2025-03-13 | 6.5 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | ||||
| CVE-2024-20929 | 1 Oracle | 1 Application Object Library | 2025-03-13 | 6.5 Medium |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 7.6 High |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | ||||