Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50341 1 Hcltech 1 Dryice Myxalytics 2025-06-18 N/A 7.6 HIGH
HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.
CVE-2023-49961 1 Wallix 2 Bastion, Bastion Access Manager 2025-06-18 N/A 7.5 HIGH
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
CVE-2023-0386 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2025-06-18 N/A 7.8 HIGH
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
CVE-2024-28000 1 Litespeedtech 1 Litespeed Cache 2025-06-17 N/A 9.8 CRITICAL
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
CVE-2023-28197 1 Apple 1 Macos 2025-06-17 N/A 3.3 LOW
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.
CVE-2021-46903 1 Meinbergglobal 1 Lantime Firmware 2025-06-17 N/A 6.5 MEDIUM
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).
CVE-2023-47202 1 Trendmicro 1 Apex One 2025-06-17 N/A 7.8 HIGH
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-23055 1 Plone 1 Plone Docker Official Image 2025-06-17 N/A 6.1 MEDIUM
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
CVE-2023-6447 1 Metagauss 1 Eventprime 2025-06-17 N/A 5.3 MEDIUM
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
CVE-2023-27001 1 Egerie 1 Egerie 2025-06-17 N/A 8.8 HIGH
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.
CVE-2024-25677 1 Minbrowser 1 Min 2025-06-16 N/A 8.8 HIGH
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
CVE-2023-51065 1 Qstar 1 Archive Storage Manager 2025-06-16 N/A 7.5 HIGH
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.
CVE-2024-44106 1 Ivanti 1 Workspace Control 2025-06-12 N/A 8.8 HIGH
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2022-26461 2 Google, Mediatek 15 Android, Mt6833, Mt6853 and 12 more 2025-06-12 N/A 6.7 MEDIUM
In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604.
CVE-2023-52325 1 Trendmicro 1 Apex Central 2025-06-11 N/A 7.5 HIGH
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.
CVE-2023-47132 1 N-able 1 N-central 2025-06-11 N/A 9.8 CRITICAL
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVE-2021-24566 1 Pluginus 1 Fox - Currency Switcher Professional For Woocommerce 2025-06-11 N/A 8.8 HIGH
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
CVE-2023-43609 1 Emerson 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more 2025-06-10 N/A 6.9 MEDIUM
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition.
CVE-2025-31134 1 Freshrss 1 Freshrss 2025-06-10 N/A 7.5 HIGH
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.
CVE-2013-6954 1 Libpng 1 Libpng 2025-06-10 5.0 MEDIUM 6.5 MEDIUM
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.