Total
601 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3237 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-05-28 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1847 | 1 Zframeworks | 1 Zz | 2025-05-26 | 6.3 Medium |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-47631 | 2025-05-23 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11. | ||||
| CVE-2025-4692 | 2025-05-23 | 6.8 Medium | ||
| Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform. | ||||
| CVE-2025-39489 | 2025-05-23 | 9.8 Critical | ||
| Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0. | ||||
| CVE-2025-48695 | 2025-05-23 | 6.4 Medium | ||
| An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved). | ||||
| CVE-2025-31918 | 2025-05-23 | 9.8 Critical | ||
| Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through 15.4.8. | ||||
| CVE-2023-6477 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 6.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation. | ||||
| CVE-2025-0131 | 2025-05-21 | N/A | ||
| An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit. | ||||
| CVE-2025-39405 | 2025-05-21 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | ||||
| CVE-2025-39366 | 2025-05-21 | 8.8 High | ||
| Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | ||||
| CVE-2025-39459 | 2025-05-21 | 7.3 High | ||
| Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through 3.5.2. | ||||
| CVE-2025-4118 | 1 Weitong | 1 Mall | 2025-05-16 | 5.3 Medium |
| A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4119 | 1 Weitong | 1 Mall | 2025-05-16 | 5.3 Medium |
| A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3744 | 1 Hashicorp | 1 Nomad | 2025-05-15 | 7.6 High |
| Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13. | ||||
| CVE-2025-22247 | 2025-05-14 | 6.1 Medium | ||
| VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. | ||||
| CVE-2025-3663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-12 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3666 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-12 | 5.3 Medium |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3667 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-12 | 5.3 Medium |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3668 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-12 | 5.3 Medium |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||