Total
4314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36535 | 1 Layer5 | 1 Meshery | 2025-09-03 | N/A | 9.8 CRITICAL |
| Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-43031 | 1 Autman | 1 Autman | 2025-09-03 | N/A | 4.3 MEDIUM |
| autMan v2.9.6 was discovered to contain an access control issue. | |||||
| CVE-2022-20358 | 1 Google | 1 Android | 2025-09-03 | N/A | 3.3 LOW |
| In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-203229608 | |||||
| CVE-2025-9461 | 1 Diyhi | 1 Bbs | 2025-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-57219 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | |||||
| CVE-2025-8344 | 1 Viglet | 1 Shio | 2025-09-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8795 | 1 Litmuschaos | 1 Litmus | 2025-09-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-29514 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 9.8 CRITICAL |
| Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | |||||
| CVE-2025-29515 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 9.8 CRITICAL |
| Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. | |||||
| CVE-2025-29520 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 5.3 MEDIUM |
| Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | |||||
| CVE-2025-9476 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9475 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-57758 | 1 Contao | 1 Contao | 2025-09-02 | N/A | 4.3 MEDIUM |
| Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE. | |||||
| CVE-2023-40070 | 2 Apple, Intel | 2 Macos, Power Gadget | 2025-09-02 | N/A | 8.8 HIGH |
| Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-32483 | 1 Intel | 1 Endpoint Management Assistant | 2025-09-02 | N/A | 8.2 HIGH |
| Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-44271 | 1 Apple | 1 Macos | 2025-09-02 | N/A | 3.3 LOW |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. | |||||
| CVE-2024-42048 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users to write to the installation path. In combination with the application's behavior of loading DLLs from this location, this allows for DLL hijacking and may result in arbitrary code execution and privilege escalation. | |||||
| CVE-2025-39247 | 2025-08-29 | N/A | 8.6 HIGH | ||
| There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. | |||||
| CVE-2025-8525 | 1 Exrick | 1 Xboot | 2025-08-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8526 | 1 Exrick | 1 Xboot | 2025-08-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||