Export limit exceeded: 346634 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47256 | 1 Connectwise | 2 Automate, Screenconnect | 2025-06-17 | 5.5 Medium |
| ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings | ||||
| CVE-2023-52099 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-17 | 7.5 High |
| Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-50159 | 1 Scalefusion | 1 Scalefusion | 2025-06-17 | 8.8 High |
| In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | ||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | 5.3 Medium |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | ||||
| CVE-2021-3784 | 1 Garudalinux | 1 Garuda Linux | 2025-06-17 | 5.3 Medium |
| Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password. | ||||
| CVE-2025-4316 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | 4.3 Medium |
| Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0. | ||||
| CVE-2025-25504 | 1 Niceforyou | 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc | 2025-06-17 | 6.5 Medium |
| An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges. | ||||
| CVE-2024-29866 | 1 Datalust | 1 Seq | 2025-06-17 | 9.1 Critical |
| Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. | ||||
| CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2025-06-17 | 3.7 Low |
| Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | ||||
| CVE-2024-28735 | 2 Coda, Unit4 | 2 Unit 4 Financials, Financials By Coda | 2025-06-17 | 8.1 High |
| Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request. | ||||
| CVE-2024-37289 | 1 Trendmicro | 1 Apex One | 2025-06-16 | 7.8 High |
| An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-45607 | 1 Liaoxuefeng | 1 Itranswarp | 2025-06-16 | 9.8 Critical |
| An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication via a crafted request. | ||||
| CVE-2025-45612 | 1 Exrick | 1 Xmall | 2025-06-16 | 9.8 Critical |
| Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. | ||||
| CVE-2024-25677 | 1 Minbrowser | 1 Min | 2025-06-16 | 8.8 High |
| In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | ||||
| CVE-2023-51751 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2025-06-16 | 7.3 High |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | ||||
| CVE-2023-51717 | 1 Dataiku | 1 Data Science Studio | 2025-06-16 | 9.8 Critical |
| Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. | ||||
| CVE-2023-51065 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | 7.5 High |
| Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. | ||||
| CVE-2025-4538 | 1 Keking | 1 Kkfileview | 2025-06-16 | 6.3 Medium |
| A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5130 | 1 Project Team | 1 Tmall Demo | 2025-06-16 | 4.7 Medium |
| A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5428 | 1 Juzaweb | 1 Cms | 2025-06-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||