Total: 31890 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44118 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-28 | N/A | 9.8 CRITICAL |
dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php. | |||||
CVE-2022-43196 | 1 Dedebiz | 1 Dedecmsv6 | 2025-04-28 | N/A | 9.1 CRITICAL |
dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php. | |||||
CVE-2024-42797 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 9.8 CRITICAL |
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. | |||||
CVE-2024-46607 | 1 Thecosy | 1 Icecms | 2025-04-28 | N/A | 7.6 HIGH |
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | |||||
CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | N/A | 6.5 MEDIUM |
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |||||
CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | N/A | 5.3 MEDIUM |
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | |||||
CVE-2024-44571 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | N/A | 8.8 HIGH |
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | |||||
CVE-2024-42794 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 4.7 MEDIUM |
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | |||||
CVE-2024-42795 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 4.2 MEDIUM |
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | |||||
CVE-2024-42796 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 5.9 MEDIUM |
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | |||||
CVE-2024-42798 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 7.6 HIGH |
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. | |||||
CVE-2024-38909 | 1 Std42 | 1 Elfinder | 2025-04-28 | N/A | 9.8 CRITICAL |
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. | |||||
CVE-2024-42995 | 1 Vtiger | 1 Vtiger Crm | 2025-04-28 | N/A | 8.3 HIGH |
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | |||||
CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2025-04-25 | N/A | 7.2 HIGH |
FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | |||||
CVE-2022-38753 | 1 Microfocus | 1 Netiq Advanced Authentication | 2025-04-25 | N/A | 6.3 MEDIUM |
This update resolves a multi-factor authentication bypass attack. | |||||
CVE-2022-36784 | 1 Elsight | 2 Halo, Halo Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
Elsight Halo Remote Code Execution (RCE): the Elsight Halo web panel allows us to perform connection validation. Through the POST request /api/v1/nics/wifi/wlan0/ping, we can abuse the DESTINATION parameter and leverage it for remote code execution. | |||||
CVE-2022-45872 | 1 Iterm2 | 1 Iterm2 | 2025-04-25 | N/A | 9.8 CRITICAL |
iTerm2 before 3.4.18 mishandles a DECRQSS response. | |||||
CVE-2022-38767 | 1 Windriver | 1 Vxworks | 2025-04-25 | N/A | 7.5 HIGH |
An issue was discovered in Wind River VxWorks 6.9 and 7: a specifically crafted packet sent by a Radius server may cause Denial of Service during the IP Radius access procedure. | |||||
CVE-2022-26885 | 1 Apache | 1 Dolphinscheduler | 2025-04-25 | N/A | 7.5 HIGH |
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher. | |||||
CVE-2024-20065 | 2 Google, Mediatek | 14 Android, Mt6768, Mt6781 and 11 more | 2025-04-25 | N/A | 4.0 MEDIUM |
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394. |