Total
29368 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20883 | 1 Samsung | 1 Android | 2025-02-12 | 4.6 Medium |
| Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2024-3459 | 1 Kioware | 1 Kioware | 2025-02-12 | 8.4 High |
| KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges. | ||||
| CVE-2025-22303 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. | ||||
| CVE-2024-53804 | 2 Brandtoss, Wpmailster | 2 Wpmailster, Wp Mailster | 2025-02-11 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. | ||||
| CVE-2024-5245 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-11 | 7.8 High |
| NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755. | ||||
| CVE-2023-1768 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-11 | 3.7 Low |
| Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. | ||||
| CVE-2020-1147 | 2 Microsoft, Redhat | 18 .net Core, .net Framework, Sharepoint Enterprise Server and 15 more | 2025-02-11 | 7.8 High |
| A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | ||||
| CVE-2024-6637 | 1 Wpwebelite | 1 Woocommerce Social Login | 2025-02-11 | 7.3 High |
| The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user. | ||||
| CVE-2024-46948 | 1 Northern.tech | 1 Mender | 2025-02-10 | 5.3 Medium |
| Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | ||||
| CVE-2024-10941 | 1 Mozilla | 1 Firefox | 2025-02-10 | 4.3 Medium |
| A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. | ||||
| CVE-2024-20885 | 1 Samsung | 1 Android | 2025-02-10 | 5.1 Medium |
| Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission. | ||||
| CVE-2024-20884 | 1 Samsung | 1 Android | 2025-02-10 | 6.2 Medium |
| Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | ||||
| CVE-2024-20883 | 1 Samsung | 1 Android | 2025-02-10 | 6.2 Medium |
| Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | ||||
| CVE-2024-49414 | 1 Samsung | 1 Android | 2025-02-10 | 2.4 Low |
| Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. | ||||
| CVE-2023-28051 | 1 Dell | 1 Power Manager | 2025-02-10 | 7.8 High |
| Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | ||||
| CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2025-02-10 | 7.8 High |
| A user with non-Admin access can change a configuration file on the client to modify the Server URL. | ||||
| CVE-2023-0482 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Oncommand Workflow Automation, Amq Broker and 7 more | 2025-02-10 | 5.5 Medium |
| In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | ||||
| CVE-2024-53295 | 1 Dell | 1 Data Domain Operating System | 2025-02-07 | 7.8 High |
| Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. | ||||
| CVE-2024-20860 | 1 Samsung | 1 Android | 2025-02-07 | 4 Medium |
| Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. | ||||
| CVE-2024-39514 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-02-07 | 6.5 Medium |
| An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. This issue affects Junos OS: * All versions before 20.4R3-S10, * from 21.4 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 20.4R3-S10-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | ||||