| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. |
| Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. |
| Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. |
| Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. |
| Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. |
| Improper access control in Azure allows an unauthorized attacker to disclose information over a network. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
| Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section. |
| OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue. |