Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2475 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2025-04-16 | 9.8 Critical |
| Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | ||||
| CVE-2025-3522 | 2025-04-15 | 6.3 Medium | ||
| Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. | ||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-04-11 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2013-6885 | 2 Amd, Redhat | 4 16h Model 00h Processor, 16h Model 0fh Processor, 16h Model Processor Firmware and 1 more | 2025-04-11 | N/A |
| The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. | ||||
| CVE-2022-4801 | 1 Usememos | 1 Memos | 2025-04-10 | 5.3 Medium |
| Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4813 | 1 Usememos | 1 Memos | 2025-04-10 | 4.3 Medium |
| Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2024-33058 | 2025-04-07 | 7.5 High | ||
| Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. | ||||
| CVE-2025-29987 | 2025-04-07 | 8.8 High | ||
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | ||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-03-28 | 5.2 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | ||||
| CVE-2024-8927 | 3 Php, Php-fpm, Redhat | 3 Php, Php-fpm, Enterprise Linux | 2025-03-18 | 7.5 High |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | ||||
| CVE-2024-47804 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-03-14 | 4.3 Medium |
| If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | ||||
| CVE-2023-34058 | 5 Debian, Fedoraproject, Microsoft and 2 more | 10 Debian Linux, Fedora, Windows and 7 more | 2025-03-06 | 7.1 High |
| VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | ||||
| CVE-2025-20111 | 2025-02-26 | 7.4 High | ||
| A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload. | ||||
| CVE-2023-27591 | 1 Miniflux Project | 1 Miniflux | 2025-02-25 | 7.5 High |
| Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. | ||||
| CVE-2024-6696 | 2025-02-20 | 4.9 Medium | ||
| The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. (CWE-1220) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not correctly perform an authorization check in the user console trash content An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. | ||||
| CVE-2022-2220 | 2025-02-13 | 0.0 Low | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2024-39279 | 2025-02-13 | 6.5 Medium | ||
| Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-53295 | 1 Dell | 1 Data Domain Operating System | 2025-02-07 | 7.8 High |
| Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege. | ||||
| CVE-2024-11931 | 1 Gitlab | 1 Gitlab | 2025-02-05 | 6.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint. | ||||
| CVE-2023-0205 | 1 Nvidia | 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more | 2025-02-04 | 5 Medium |
| NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | ||||