Total
29783 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5163 | 1 Yangshare | 1 Warehouse Management System | 2025-06-03 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in yangshare 技术杨工 warehouseManager 仓库管理系统 1.0. This affects an unknown part. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-41784 | 1 Zte | 2 Redmagic 8 Pro, Redmagic 8 Pro Firmware | 2025-06-03 | 6.6 Medium |
| Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | ||||
| CVE-2023-51071 | 1 Qstar | 1 Archive Storage Manager | 2025-06-03 | 6.5 Medium |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | ||||
| CVE-2023-51842 | 1 Meshcentral | 1 Meshcentral | 2025-06-02 | 7.5 High |
| An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16. | ||||
| CVE-2024-1011 | 1 Employee Management System Project | 1 Employee Management System | 2025-06-02 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280. | ||||
| CVE-2024-11942 | 1 Drupal | 2 Drupal, Drupal Core | 2025-06-02 | 5.9 Medium |
| A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. | ||||
| CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | ||||
| CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | ||||
| CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | ||||
| CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | 7.8 High |
| An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | ||||
| CVE-2021-38617 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 8.8 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | ||||
| CVE-2021-38616 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 7.6 High |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more. | ||||
| CVE-2021-38615 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 6.3 Medium |
| In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | ||||
| CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2025-05-30 | 8.8 High |
| Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | ||||
| CVE-2023-47035 | 1 Etherscan | 1 Reptilian Coin | 2025-05-30 | 7.5 High |
| RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | ||||
| CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2025-05-30 | 7.5 High |
| MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | ||||
| CVE-2023-44281 | 1 Dell | 1 Pair | 2025-05-30 | 6.6 Medium |
| Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service. | ||||
| CVE-2020-15187 | 2 Helm, Redhat | 2 Helm, Acm | 2025-05-29 | 3 Low |
| In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL. | ||||
| CVE-2025-32158 | 1 Athemes | 1 Athemes Addons For Elementor | 2025-05-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | ||||