Total: 100
Critical: 5
High: 74
Medium: 19
CISA KEV: 0
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior to 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system are affected by this issue.
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CWE-306: Missing Authentication for Critical Function. The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Windows Kernel Information Disclosure Vulnerability
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Overlay Filter Information Disclosure Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
Windows Backup Service Elevation of Privilege Vulnerability
Windows NTLM Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Windows Kernel Denial of Service Vulnerability
Windows Terminal Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
Raw Image Extension Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Projected File System Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Windows Bluetooth Driver Information Disclosure Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
Windows Error Reporting Elevation of Privilege Vulnerability
Windows Media Remote Code Execution Vulnerability
Windows Media Remote Code Execution Vulnerability
Windows Contacts Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Hyper-V Elevation of Privilege Vulnerability
.NET Framework Remote Code Execution Vulnerability
Windows Fax Compose Form Elevation of Privilege Vulnerability
PowerShell Remote Code Execution Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access.
Windows Scripting Languages Remote Code Execution Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Overlay Filter Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Win32k Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
.NET Framework Information Disclosure Vulnerability
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows HTTP.sys Elevation of Privilege Vulnerability
Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability
Windows Human Interface Device Information Disclosure Vulnerability
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Windows Kerberos Denial of Service Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Windows Extensible File Allocation Table Elevation of Privilege Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Web Account Manager Information Disclosure Vulnerability
Windows Server Service Elevation of Privilege Vulnerability
Windows CD-ROM File System Driver Remote Code Execution Vulnerability
Windows Security Support Provider Interface Information Disclosure Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Secure Channel Denial of Service Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability