Total
3973 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0227 | 2025-01-06 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html. The manipulation of the argument path leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0224 | 2025-01-06 | 5.3 Medium | ||
| A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0226 | 2025-01-06 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /collect/PortV4/downLoad.html. The manipulation of the argument path leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13042 | 2025-01-04 | 4.3 Medium | ||
| A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew/Subject/download.html. The manipulation of the argument path leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-51644 | 1 Alltena | 1 Allegra | 2025-01-03 | 7.3 High |
| Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512. | ||||
| CVE-2024-13110 | 2025-01-02 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-21751 | 1 Microsoft | 1 Azure Devops Server | 2025-01-01 | 6.5 Medium |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2023-36889 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-01 | 5.5 Medium |
| Windows Group Policy Security Feature Bypass Vulnerability | ||||
| CVE-2023-33155 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-01-01 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-32009 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2025-01-01 | 8.8 High |
| Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | ||||
| CVE-2023-21777 | 1 Microsoft | 1 Azure App Service On Azure Stack | 2025-01-01 | 8.7 High |
| Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2023-21752 | 1 Microsoft | 3 Windows 10, Windows 11, Windows 7 | 2025-01-01 | 7.1 High |
| Windows Backup Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-21750 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 7.1 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-21531 | 1 Microsoft | 1 Azure Service Fabric | 2025-01-01 | 7 High |
| Azure Service Fabric Container Elevation of Privilege Vulnerability | ||||
| CVE-2024-38016 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-12-31 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2024-12-31 | 8.5 High |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | ||||
| CVE-2024-37341 | 1 Microsoft | 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more | 2024-12-31 | 8.8 High |
| Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
| CVE-2024-43492 | 1 Microsoft | 1 Autoupdate | 2024-12-31 | 7.8 High |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | ||||
| CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-12-31 | 9 Critical |
| Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2024-12984 | 2024-12-27 | 5.3 Medium | ||
| A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||