Total
186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2486 | 1 Apple | 2 Iphone Os, Safari | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2017-2139 | 1 Frogman Office Inc | 1 Cs-cart | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | |||||
| CVE-2017-10833 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | |||||
| CVE-2022-25626 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2025-04-18 | N/A | 5.3 MEDIUM |
| An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. | |||||
| CVE-2025-32367 | 2025-04-15 | N/A | 8.6 HIGH | ||
| The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions. | |||||
| CVE-2022-42953 | 1 Zkteco | 20 Zem500, Zem500 Firmware, Zem510 and 17 more | 2025-04-15 | N/A | 7.5 HIGH |
| Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210). | |||||
| CVE-2015-2873 | 1 Trendmicro | 1 Deep Discovery Inspector | 2025-04-12 | 5.5 MEDIUM | N/A |
| Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. | |||||
| CVE-2023-45598 | 1 Ailux | 1 Imx6 | 2025-04-10 | N/A | 5.3 MEDIUM |
| A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | |||||
| CVE-2022-4057 | 1 Optimizingmatters | 1 Autooptimize | 2025-04-10 | N/A | 5.3 MEDIUM |
| The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. | |||||
| CVE-2005-1698 | 1 Postnuke | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message. | |||||
| CVE-2005-1697 | 1 Postnuke | 1 Postnuke | 2025-04-03 | 5.0 MEDIUM | N/A |
| The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message. | |||||
| CVE-2005-1892 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 6.4 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||||
| CVE-2005-1688 | 1 Wordpress | 1 Wordpress | 2025-04-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message. | |||||
| CVE-2004-2257 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. | |||||
| CVE-2005-1668 | 1 Yusasp | 1 Web Asset Manager | 2025-04-03 | 7.5 HIGH | N/A |
| YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp. | |||||
| CVE-2005-1654 | 1 Hostingcontroller | 1 Hosting Controller | 2025-04-03 | 7.5 HIGH | N/A |
| Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set. | |||||
| CVE-2002-1798 | 1 Midicart | 3 Midicart Php, Midicart Php Maxi, Midicart Php Plus | 2025-04-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php. | |||||
| CVE-2005-1685 | 1 Episodex | 1 Episodex Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
| episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp. | |||||
| CVE-2005-1827 | 1 Dlink | 2 Dsl-504t, Dsl-504t Firmware | 2025-04-03 | 7.5 HIGH | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
| CVE-2004-2144 | 1 Baalsystems | 1 Baal Smart Forms | 2025-04-03 | 7.5 HIGH | N/A |
| Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php. | |||||