Total: 35577 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6640 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier. | ||||
| CVE-2024-2339 | 1 Dalibo | 2 Anonymizer, Postgresql Anonymizer | 2025-02-12 | 8 High |
| PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users, cannot exploit this vulnerability. The problem is resolved in v1.3. | ||||
| CVE-2023-22916 | 1 Zyxel | 36 Atp100, Atp100 Firmware, Atp100w and 33 more | 2025-02-12 | 8.1 High |
| The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35 fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. | ||||
| CVE-2022-48430 | 1 Jetbrains | 1 Intellij Idea | 2025-02-12 | 5.5 Medium |
| In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. | ||||
| CVE-2023-21495 | 1 Samsung | 1 Android | 2025-02-12 | 4 Medium |
| Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install a KSP app when device admin is set. | ||||
| CVE-2023-27729 | 1 F5 | 1 Njs | 2025-02-12 | 7.5 High |
| Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | ||||
| CVE-2023-21493 | 1 Samsung | 1 Android | 2025-02-12 | 6.8 Medium |
| Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | ||||
| CVE-2023-20680 | 2 Google, Mediatek | 22 Android, Mt6779, Mt6781 and 19 more | 2025-02-12 | 6.7 Medium |
| In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. | ||||
| CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2025-02-12 | 4.9 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | ||||
| CVE-2023-21491 | 1 Samsung | 1 Android | 2025-02-12 | 8.5 High |
| Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | ||||
| CVE-2023-21490 | 1 Samsung | 1 Android | 2025-02-12 | 4.7 Medium |
| Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | ||||
| CVE-2023-21488 | 1 Samsung | 1 Android | 2025-02-12 | 4.4 Medium |
| Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. | ||||
| CVE-2023-0756 | 1 Gitlab | 1 Gitlab | 2025-02-12 | 4.8 Medium |
| An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code; victims who clone or download these repositories will execute arbitrary code on their systems. | ||||
| CVE-2022-4376 | 1 Gitlab | 1 Gitlab | 2025-02-12 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. | ||||
| CVE-2023-22918 | 1 Zyxel | 102 Atp100, Atp100 Firmware, Atp100w and 99 more | 2025-02-12 | 6.5 Medium |
| A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | ||||
| CVE-2022-41976 | 1 Scada-lts | 1 Scada-lts | 2025-02-12 | 9.9 Critical |
| A privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 that allows remote attackers, authenticated in the application as a low-privileged user, to change role (e.g., to administrator) by updating their user profile. | ||||
| CVE-2024-29035 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | 4.1 Medium |
| Umbraco is an ASP.NET CMS. Failing webhook logs are available when the solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1. | ||||
| CVE-2022-47189 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-12 | 7.5 High |
| Generex UPS CS141 below version 2.06 allows an attacker to upload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | ||||
| CVE-2025-20907 | 1 Samsung | 1 Android | 2025-02-12 | 6 Medium |
| Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. | ||||
| CVE-2023-1426 | 1 Keetrax | 1 Wp Tiles | 2025-02-11 | 6.5 Medium |
| The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post. | ||||