Total
2036 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-20291 | 1 Cisco | 81 Nexus 3000 In Standalone Nx-os Mode, Nexus 3048, Nexus 31108pc-v and 78 more | 2025-04-30 | N/A | 5.8 MEDIUM |
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces. | |||||
CVE-2023-40117 | 1 Google | 1 Android | 2025-04-29 | N/A | 7.8 HIGH |
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2025-24206 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-29 | N/A | 7.7 HIGH |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy. | |||||
CVE-2025-21570 | 1 Oracle | 1 Argus Safety | 2025-04-29 | N/A | 6.1 MEDIUM |
Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). The supported version that is affected is 8.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Life Sciences Argus Safety, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Argus Safety accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2025-21565 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-04-29 | N/A | 7.5 HIGH |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2025-21563 | 1 Oracle | 1 Peoplesoft Enterprise Cc Common Application Objects | 2025-04-29 | N/A | 4.3 MEDIUM |
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2025-21562 | 1 Oracle | 1 Peoplesoft Enterprise Cc Common Application Objects | 2025-04-29 | N/A | 4.3 MEDIUM |
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2025-21560 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-04-29 | N/A | 6.5 MEDIUM |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2025-21556 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-04-29 | N/A | 9.9 CRITICAL |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2022-36785 | 1 Dlink | 2 G Integrated Access Device4, G Integrated Access Device4 Firmware | 2025-04-29 | N/A | 7.5 HIGH |
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface. | |||||
CVE-2022-24189 | 1 Sz-fujia | 1 Ourphoto | 2025-04-29 | N/A | 6.5 MEDIUM |
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users. | |||||
CVE-2025-41423 | 2025-04-29 | N/A | 3.1 LOW | ||
Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate permissions for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts containing actions created by the Playbooks bot, even without channel access or appropriate permissions. | |||||
CVE-2025-3647 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve. | |||||
CVE-2025-3645 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses. | |||||
CVE-2025-46544 | 2025-04-29 | N/A | 6.4 MEDIUM | ||
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles. | |||||
CVE-2025-3861 | 2025-04-29 | N/A | 5.4 MEDIUM | ||
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media. | |||||
CVE-2025-3644 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. | |||||
CVE-2025-43921 | 1 Gnu | 1 Mailman | 2025-04-28 | N/A | 5.3 MEDIUM |
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used. | |||||
CVE-2024-25170 | 1 Jupo | 1 Mezzanine | 2025-04-28 | N/A | 9.1 CRITICAL |
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. | |||||
CVE-2024-56431 | 1 Xiph | 1 Theora | 2025-04-25 | N/A | 9.8 CRITICAL |
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash. |