Total
2568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31846 | 1 Italtel | 1 Embrace | 2025-05-21 | N/A | 7.5 HIGH |
| An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2022-39835 | 1 Gajim | 1 Gajim | 2025-05-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0. | |||||
| CVE-2022-36771 | 1 Ibm | 1 Qradar User Behavior Analytics | 2025-05-21 | N/A | 6.5 MEDIUM |
| IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791. | |||||
| CVE-2025-33072 | 1 Microsoft | 1 Msagsfeedback.azurewebsites.net | 2025-05-21 | N/A | 8.1 HIGH |
| Improper access control in Azure allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-4901 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4902 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4926 | 1 Phpgurukul | 1 Car Rental Portal | 2025-05-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1959 | 1 Spsoftmobile | 1 Applock | 2025-05-20 | N/A | 6.6 MEDIUM |
| AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. | |||||
| CVE-2022-42717 | 2 Hashicorp, Linux | 2 Vagrant, Linux Kernel | 2025-05-20 | N/A | 7.8 HIGH |
| An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. | |||||
| CVE-2025-27191 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-05-20 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-43563 | 1 Adobe | 1 Coldfusion | 2025-05-19 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-23164 | 2025-05-19 | N/A | 4.4 MEDIUM | ||
| A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled. | |||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-05-19 | N/A | 7.0 HIGH |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47792 | 2025-05-19 | N/A | 5.0 MEDIUM | ||
| Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available. | |||||
| CVE-2025-47794 | 2025-05-19 | N/A | 2.6 LOW | ||
| Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available. | |||||
| CVE-2025-4923 | 2025-05-19 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_delivery_update.php. The manipulation of the argument uploaded_file_cancelled leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4904 | 2025-05-19 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-24887 | 1 Citeum | 1 Opencti | 2025-05-19 | N/A | 6.3 MEDIUM |
| OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the `external` flag on/off and change the own token value for a user. It is also possible to edit attributes that are not in the allow list, such as `otp_qr` and `otp_activated`. If external users exist in the OpenCTI setup and the information about these users identities is sensitive, the above vulnerabilities can be used to enumerate existing user accounts as a standard low privileged user. This issue has been patched in version 6.4.10. | |||||
| CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2025-05-16 | N/A | 9.8 CRITICAL |
| Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | |||||
| CVE-2025-4118 | 1 Weitong | 1 Mall | 2025-05-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||