IQSS
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1879 | Med | 0.34 | 6.3 | 0.00 | Apr 1, 2026 | A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote… | ||
| CVE-2024-35260 | 0.01 | — | 0.01 | Jun 27, 2024 | An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. | |||
| CVE-2021-24101 | 0.01 | — | 0.03 | Feb 25, 2021 | Microsoft Dataverse Information Disclosure Vulnerability | |||
| CVE-2025-29826 | 0.00 | — | 0.01 | May 13, 2025 | Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-47732 | 0.00 | — | 0.03 | May 8, 2025 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | |||
| CVE-2025-29807 | 0.00 | — | 0.01 | Mar 21, 2025 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | |||
| CVE-2025-24053 | 0.00 | — | 0.01 | Mar 13, 2025 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2024-38139 | 0.00 | — | 0.01 | Oct 15, 2024 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. |
- risk 0.34cvss 6.3epss 0.00
A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote…
- CVE-2024-35260Jun 27, 2024risk 0.01cvss —epss 0.01
An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.
- CVE-2021-24101Feb 25, 2021risk 0.01cvss —epss 0.03
Microsoft Dataverse Information Disclosure Vulnerability
- CVE-2025-29826May 13, 2025risk 0.00cvss —epss 0.01
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
- CVE-2025-47732May 8, 2025risk 0.00cvss —epss 0.03
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
- CVE-2025-29807Mar 21, 2025risk 0.00cvss —epss 0.01
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
- CVE-2025-24053Mar 13, 2025risk 0.00cvss —epss 0.01
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
- CVE-2024-38139Oct 15, 2024risk 0.00cvss —epss 0.01
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.