| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.
|
| An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. |
| GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. |
| Windows Desired State Configuration (DSC) Information Disclosure Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| Azure SDK for .NET Information Disclosure Vulnerability |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Cleanup Manager Elevation of Privilege Vulnerability |
| Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| Windows Telephony Server Elevation of Privilege Vulnerability |
| Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability |
| Windows System Assessment Tool Elevation of Privilege Vulnerability |
| Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability |
