Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31890 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44118 1 Dedebiz 1 Dedecmsv6 2025-04-28 N/A 9.8 CRITICAL
dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.
CVE-2022-43196 1 Dedebiz 1 Dedecmsv6 2025-04-28 N/A 9.1 CRITICAL
dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.
CVE-2024-42797 1 Lopalopa 1 Music Management System 2025-04-28 N/A 9.8 CRITICAL
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVE-2024-46607 1 Thecosy 1 Icecms 2025-04-28 N/A 7.6 HIGH
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
CVE-2024-42021 1 Veeam 1 One 2025-04-28 N/A 6.5 MEDIUM
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
CVE-2024-42022 1 Veeam 1 One 2025-04-28 N/A 5.3 MEDIUM
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
CVE-2024-44571 1 Relyum 2 Rely-pcie, Rely-pcie Firmware 2025-04-28 N/A 8.8 HIGH
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.
CVE-2024-42794 1 Lopalopa 1 Music Management System 2025-04-28 N/A 4.7 MEDIUM
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.
CVE-2024-42795 1 Lopalopa 1 Music Management System 2025-04-28 N/A 4.2 MEDIUM
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.
CVE-2024-42796 1 Lopalopa 1 Music Management System 2025-04-28 N/A 5.9 MEDIUM
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
CVE-2024-42798 1 Lopalopa 1 Music Management System 2025-04-28 N/A 7.6 HIGH
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
CVE-2024-38909 1 Std42 1 Elfinder 2025-04-28 N/A 9.8 CRITICAL
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc.
CVE-2024-42995 1 Vtiger 1 Vtiger Crm 2025-04-28 N/A 8.3 HIGH
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVE-2022-39833 1 Filecloud 1 Filecloud 2025-04-25 N/A 7.2 HIGH
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
CVE-2022-38753 1 Microfocus 1 Netiq Advanced Authentication 2025-04-25 N/A 6.3 MEDIUM
This update resolves a multi-factor authentication bypass attack
CVE-2022-36784 1 Elsight 2 Halo, Halo Firmware 2025-04-25 N/A 9.8 CRITICAL
Elsight – Elsight Halo  Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution.
CVE-2022-45872 1 Iterm2 1 Iterm2 2025-04-25 N/A 9.8 CRITICAL
iTerm2 before 3.4.18 mishandles a DECRQSS response.
CVE-2022-38767 1 Windriver 1 Vxworks 2025-04-25 N/A 7.5 HIGH
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.
CVE-2022-26885 1 Apache 1 Dolphinscheduler 2025-04-25 N/A 7.5 HIGH
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.
CVE-2024-20065 2 Google, Mediatek 14 Android, Mt6768, Mt6781 and 11 more 2025-04-25 N/A 4.0 MEDIUM
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394.