| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network. |
| FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute arbitrary code on the server. This issue has been patched in FUXA version 1.2.10. |
| Windows App Package Installer Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| Azure Portal Elevation of Privilege Vulnerability |
| Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. |
| A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data. |
| Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2. |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. |
