| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents. |
| A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default. |
| Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. |
| In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. |
| Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information. |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. |
| Azure Entra ID Elevation of Privilege Vulnerability |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. |
| Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. |
| Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. |
| Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks. |
| Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. |
