Total
4348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28818 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2025-03-17 | 5.9 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) module. This can lead to disclosure of sensitive information. | ||||
| CVE-2024-38873 | 1 Typo3 | 1 Friendlycaptcha Official | 2025-03-14 | 5.3 Medium |
| An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension. | ||||
| CVE-2024-40531 | 1 Uab Lexita | 2 Panteracrm Cms, Patera Crm Cms | 2025-03-14 | 8.8 High |
| A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions. | ||||
| CVE-2023-20579 | 1 Amd | 258 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250c and 255 more | 2025-03-14 | 4.4 Medium |
| Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. | ||||
| CVE-2024-30481 | 1 Jch Optimize Project | 1 Jch Optimize | 2025-03-14 | 6.5 Medium |
| Broken Access Control vulnerability in Samuel Marshall JCH Optimize.This issue affects JCH Optimize: from n/a through 4.0.0. | ||||
| CVE-2024-1675 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-14 | 8.8 High |
| Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-41250 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2025-03-14 | 5.3 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | ||||
| CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2025-03-14 | 9.8 Critical |
| A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | ||||
| CVE-2024-1898 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | 3.9 Low |
| Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. | ||||
| CVE-2022-41324 | 2025-03-14 | 6.5 Medium | ||
| Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. | ||||
| CVE-2024-2313 | 1 Redhat | 1 Enterprise Linux | 2025-03-13 | 2.8 Low |
| If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | ||||
| CVE-2024-41251 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2025-03-13 | 6.5 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | ||||
| CVE-2024-20929 | 1 Oracle | 1 Application Object Library | 2025-03-13 | 6.5 Medium |
| Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2024-47976 | 1 Solidigm | 12 D5 P4320 Firmware, D5 P4326 Firmware, D5 P5316 Firmware and 9 more | 2025-03-13 | 6.7 Medium |
| Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | ||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 7.6 High |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | ||||
| CVE-2025-25615 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | 6 Medium |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | ||||
| CVE-2024-5840 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | 6.5 Medium |
| Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-45334 | 2 Trend Micro Inc, Trendmicro | 2 Antivirus One, Antivirus One | 2025-03-13 | 7.8 High |
| Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | ||||
| CVE-2024-22067 | 1 Zte | 2 Nh8091, Nh8091 Firmware | 2025-03-13 | 6.8 Medium |
| ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. | ||||
| CVE-2024-22026 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | 6.7 Medium |
| A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | ||||