Total
4350 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37567 | 1 Infoblox | 1 Nios | 2025-04-10 | 9.1 Critical |
| Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | ||||
| CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | 9.8 Critical |
| Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | ||||
| CVE-2022-4810 | 1 Usememos | 1 Memos | 2025-04-10 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4814 | 1 Usememos | 1 Memos | 2025-04-10 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | 5.3 Medium |
| An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | ||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
| CVE-2025-2973 | 1 Code-projects | 1 College Management System | 2025-04-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-24486 | 2 Silex, Silextechnology | 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware | 2025-04-10 | 9.1 Critical |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. | ||||
| CVE-2024-24487 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | 6.8 Medium |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. | ||||
| CVE-2024-24485 | 2 Silex, Silextechnology | 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware | 2025-04-10 | 7.5 High |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. | ||||
| CVE-2022-4724 | 1 Ikus-soft | 1 Rdiffweb | 2025-04-09 | 9.8 Critical |
| Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. | ||||
| CVE-2022-4684 | 1 Usememos | 1 Memos | 2025-04-09 | 8.8 High |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 8.8 High |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId | ||||
| CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter | ||||
| CVE-2025-28409 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 8.8 High |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId | ||||
| CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges | ||||
| CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | ||||
| CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | ||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | ||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 7.2 High |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | ||||