Total
1061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50780 | 1 Apache | 1 Activemq Artemis | 2025-03-19 | 8.8 High |
| Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue. | ||||
| CVE-2023-22938 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-19 | 4.3 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. | ||||
| CVE-2025-2397 | 2025-03-18 | 2.4 Low | ||
| A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2345 | 2025-03-17 | 9.8 Critical | ||
| A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46942 | 1 Opendaylight | 2 Md-sal, Model-driven Service Abstraction Layer | 2025-03-14 | 9.1 Critical |
| In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | ||||
| CVE-2024-21137 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-03-14 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-36130 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-03-13 | 9.8 Critical |
| An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | ||||
| CVE-2023-52539 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-32707 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-11 | 8.8 High |
| In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | ||||
| CVE-2023-22480 | 1 Fit2cloud | 1 Kubeoperator | 2025-03-10 | 7.3 High |
| KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | ||||
| CVE-2025-2114 | 2025-03-10 | 3.7 Low | ||
| A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of the argument OperId leads to improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2025-03-06 | 5.3 Medium |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2025-03-06 | 4 Medium |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | ||||
| CVE-2025-1815 | 2025-03-03 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in pbrong hrms up to 1.0.1. This affects the function HrmsDB of the file \resource\resource.go. The manipulation of the argument user_cookie leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-33142 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.5 Medium |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2025-02-28 | 4.6 Medium |
| Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | ||||
| CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | ||||
| CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | ||||
| CVE-2024-12782 | 2025-02-28 | 7.3 High | ||
| A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure." | ||||