Total
2122 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34517 | 1 Neo4j | 1 Neo4j | 2025-03-11 | 6.5 Medium |
| The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE | ||||
| CVE-2024-2297 | 1 Bricksbuilder | 1 Bricks | 2025-03-11 | 7.1 High |
| The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) "Code Execution" to be enabled for administrator-level users within the theme's settings. | ||||
| CVE-2025-24070 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-03-11 | 7 High |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-21199 | 2025-03-11 | 6.7 Medium | ||
| Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2022-48284 | 1 Huawei | 1 Hilink Ai Life | 2025-03-11 | 9.8 Critical |
| A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | ||||
| CVE-2022-48283 | 1 Huawei | 1 Hilink Ai Life | 2025-03-11 | 9.8 Critical |
| A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | ||||
| CVE-2022-32949 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2025-03-11 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32900 | 1 Apple | 1 Macos | 2025-03-11 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges. | ||||
| CVE-2025-26705 | 2025-03-11 | 5.3 Medium | ||
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | ||||
| CVE-2025-26704 | 2025-03-11 | 6.4 Medium | ||
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | ||||
| CVE-2025-26703 | 2025-03-11 | 4.3 Medium | ||
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | ||||
| CVE-2024-1442 | 2 Grafana, Redhat | 3 Grafana, Acm, Ceph Storage | 2025-03-11 | 6 Medium |
| A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization. | ||||
| CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2025-03-11 | 9.1 Critical |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2024-54560 | 2025-03-11 | 5.5 Medium | ||
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. | ||||
| CVE-2023-23497 | 1 Apple | 1 Macos | 2025-03-11 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges. | ||||
| CVE-2025-26707 | 2025-03-11 | 5.3 Medium | ||
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | ||||
| CVE-2021-42082 | 1 Osnexus | 1 Quantastor | 2025-03-11 | 7.8 High |
| Local users are able to execute scripts under root privileges. | ||||
| CVE-2025-26706 | 2025-03-11 | 5.4 Medium | ||
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. | ||||
| CVE-2023-23610 | 1 Glpi-project | 1 Glpi | 2025-03-10 | 6.5 Medium |
| GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6. | ||||
| CVE-2023-23629 | 1 Metabase | 1 Metabase | 2025-03-10 | 6.3 Medium |
| Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround. | ||||