Total
2623 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-24485 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 7.5 HIGH |
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. | |||||
CVE-2025-26678 | | | 2025-04-09 | N/A | 8.4 HIGH |
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | |||||
CVE-2025-27738 | | | 2025-04-09 | N/A | 6.5 MEDIUM |
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | |||||
CVE-2025-27744 | | | 2025-04-09 | N/A | 7.8 HIGH |
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-21197 | | | 2025-04-09 | N/A | 6.5 MEDIUM |
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | |||||
CVE-2025-29804 | | | 2025-04-09 | N/A | 7.3 HIGH |
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-29810 | | | 2025-04-09 | N/A | 7.5 HIGH |
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
CVE-2025-27190 | | | 2025-04-09 | N/A | 5.3 MEDIUM |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter | |||||
CVE-2025-28409 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId | |||||
CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges | |||||
CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | |||||
CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | |||||
CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | |||||
CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 7.2 HIGH |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | |||||
CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | |||||
CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | |||||
CVE-2025-28413 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | |||||
CVE-2008-2947 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A |
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. |