Total
2721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |||||
| CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | N/A | 5.3 MEDIUM |
| An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | |||||
| CVE-2024-42023 | 1 Veeam | 1 One | 2025-04-28 | N/A | 8.8 HIGH |
| An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | |||||
| CVE-2024-44571 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | N/A | 8.8 HIGH |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | |||||
| CVE-2024-42794 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 4.7 MEDIUM |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | |||||
| CVE-2024-42795 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 4.2 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | |||||
| CVE-2024-42796 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 5.9 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | |||||
| CVE-2024-38909 | 1 Std42 | 1 Elfinder | 2025-04-28 | N/A | 9.8 CRITICAL |
| Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. | |||||
| CVE-2023-47422 | 1 Tenda | 8 Ax12, Ax12 Firmware, Ax3 and 5 more | 2025-04-25 | N/A | 8.8 HIGH |
| An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. | |||||
| CVE-2024-20065 | 2 Google, Mediatek | 14 Android, Mt6768, Mt6781 and 11 more | 2025-04-25 | N/A | 4.0 MEDIUM |
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394. | |||||
| CVE-2022-44037 | 1 Apsystems | 2 Ecu-c, Ecu-c Firmware | 2025-04-25 | N/A | 8.8 HIGH |
| An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range. | |||||
| CVE-2022-44212 | 1 Gl-inet | 1 Goodcloud | 2025-04-24 | N/A | 5.9 MEDIUM |
| In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | |||||
| CVE-2022-44211 | 1 Gl-inet | 1 Goodcloud | 2025-04-24 | N/A | 7.4 HIGH |
| In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. | |||||
| CVE-2023-36643 | 1 Itb-pim | 1 Tradepro | 2025-04-24 | N/A | 7.5 HIGH |
| Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. | |||||
| CVE-2023-36644 | 1 Itb-pim | 1 Tradepro | 2025-04-24 | N/A | 7.5 HIGH |
| Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin. | |||||
| CVE-2025-3783 | 1 Seniorwalter | 1 Web-based Pharmacy Product Management System | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-44932 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. | |||||
| CVE-2022-37918 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-37917 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-37916 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||