Total: 2555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-23823 | 1 Vantage6 | 1 Vantage6 | 2025-08-06 | N/A | 4.2 MEDIUM | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new r ... |
| CVE-2025-8434 | 1 Anisha | 1 Online Movie Streaming | 2025-08-05 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-8435 | 1 Anisha | 1 Online Movie Streaming | 2025-08-05 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-54554 | | | 2025-08-05 | N/A | 5.3 MEDIUM | tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. |
| CVE-2025-20701 | | | 2025-08-04 | N/A | 8.8 HIGH | In the Airoha Bluetooth audio SDK, there is a possible way to pair a Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2025-54583 | 1 Finos | 1 Gitproxy | 2025-08-01 | N/A | 6.5 MEDIUM | GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2. |
| CVE-2024-9159 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-08-01 | N/A | 6.5 MEDIUM | An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not properly guarded by an admin check. |
| CVE-2024-27105 | 1 Frappe | 1 Frappe | 2025-07-31 | N/A | 8.1 HIGH | Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. |
| CVE-2025-30750 | 1 Oracle | 1 Database Server | 2025-07-29 | N/A | 2.4 LOW | Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to ... |
| CVE-2025-30743 | 1 Oracle | 1 Lease And Finance Management | 2025-07-29 | N/A | 8.1 HIGH | Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations). The supported version that is affected is 12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Lease and Finance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Lease and Finance Management acces ... |
| CVE-2025-30739 | 1 Oracle | 1 Crm Technical Foundation | 2025-07-29 | N/A | 5.5 MEDIUM | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. While the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result ... |
| CVE-2025-54532 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 4.3 MEDIUM | In JetBrains TeamCity before 2025.07, improper access control allowed disclosure of build settings via snapshot dependencies. |
| CVE-2025-54533 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | 4.3 MEDIUM | In JetBrains TeamCity before 2025.07, improper access control allowed disclosure of build settings via VCS configuration. |
| CVE-2025-30751 | 1 Oracle | 1 Database Server | 2025-07-29 | N/A | 8.8 HIGH | Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CV ... |
| CVE-2025-54596 | | | 2025-07-29 | N/A | 4.3 MEDIUM | Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts. |
| CVE-2025-54569 | | | 2025-07-29 | N/A | 4.5 MEDIUM | In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. |
| CVE-2024-45081 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 6.5 MEDIUM | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks. |
| CVE-2025-6168 | 1 Gitlab | 1 Gitlab | 2025-07-25 | N/A | 2.7 LOW | An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests. |
| CVE-2025-4972 | 1 Gitlab | 1 Gitlab | 2025-07-25 | N/A | 2.7 LOW | An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality. |
| CVE-2025-3396 | 1 Gitlab | 1 Gitlab | 2025-07-25 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests. |
| CVE-2024-6150 | 1 Citrix | 1 Provisioning | 2025-07-25 | N/A | 4.3 MEDIUM | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning. |
| CVE-2025-30748 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-07-25 | N/A | 6.1 MEDIUM | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significan ... |
| CVE-2025-30747 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-07-25 | N/A | 4.3 MEDIUM | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subs ... |
| CVE-2025-30744 | 1 Oracle | 1 Mobile Field Service | 2025-07-25 | N/A | 8.1 HIGH | Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Mobile Field Service accessible data as ... |
| CVE-2024-55592 | 1 Fortinet | 1 Fortisiem | 2025-07-25 | N/A | 3.8 LOW | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. |
| CVE-2025-49550 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-07-24 | N/A | 4.3 MEDIUM | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction. |
| CVE-2025-49549 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-07-24 | N/A | 2.7 LOW | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction. |
| CVE-2024-45328 | 1 Fortinet | 1 Fortisandbox | 2025-07-24 | N/A | 7.8 HIGH | An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low privileged administrator to execute elevated CLI commands via the GUI console menu. |
| CVE-2025-20257 | 1 Cisco | 1 Secure Network Analytics | 2025-07-23 | N/A | 6.5 MEDIUM | A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. This vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls wit ... |
| CVE-2025-29757 | | | 2025-07-22 | N/A | N/A | An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid account to transfer any plant into his/her account. |
| CVE-2025-20300 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-07-21 | N/A | 4.3 MEDIUM | In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-c ... |
| CVE-2025-20674 | 2 Mediatek, Openwrt | 11 Mt6890, Mt6990, Mt7915 and 8 more | 2025-07-18 | N/A | 9.8 CRITICAL | In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303. |
| CVE-2024-49808 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more | 2025-07-18 | N/A | 6.3 MEDIUM | IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. |
| CVE-2025-53943 | | | 2025-07-17 | N/A | N/A | VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue. |
| CVE-2025-50084 | 1 Oracle | 1 Mysql | 2025-07-17 | N/A | 4.9 MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availab ... |
| CVE-2025-50085 | 1 Oracle | 1 Mysql | 2025-07-17 | N/A | 5.5 MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or d ... |
| CVE-2025-50086 | 1 Oracle | 1 Mysql | 2025-07-17 | N/A | 4.9 MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4. ... |
| CVE-2024-56114 | 1 Henkel | 1 Canlineapp | 2025-07-16 | N/A | 6.5 MEDIUM | Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for the supervisor role, but auditors have been able to successfully create audit templates from their account. |
| CVE-2025-43564 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL | ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. |
| CVE-2025-26330 | 1 Dell | 1 Powerscale Onefs | 2025-07-15 | N/A | 7.0 HIGH | Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account. |