Total: 4251 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54338 | | | 2025-11-24 | 7.5 High |
| An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes. | ||||
| CVE-2025-13411 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-24 | 4.7 Medium |
| A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Manipulation of the argument product_image results in unrestricted upload. The attack can be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-63958 | | | 2025-11-24 | 9.8 Critical |
| MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function. | ||||
| CVE-2025-13573 | 1 Projectworlds | 1 Can Pass Malicious Payloads | 2025-11-24 | 6.3 Medium |
| A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-47222 | 1 Keyfactor | 1 Signserver | 2025-11-24 | 6.5 Medium |
| Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 3 of 3. | ||||
| CVE-2025-47221 | 1 Keyfactor | 1 Signserver | 2025-11-24 | 5.3 Medium |
| Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 2 of 3. | ||||
| CVE-2025-47220 | 1 Keyfactor | 1 Signserver | 2025-11-24 | 5.3 Medium |
| Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue 1 of 3. | ||||
| CVE-2025-63214 | 1 Bridgetech | 1 Vbc Server Element Manager | 2025-11-24 | 6.5 Medium |
| An issue was discovered in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-10, 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts. | ||||
| CVE-2025-63218 | 1 Axeltechnology | 2 Wolf1ms, Wolf2ms | 2025-11-24 | 9.8 Critical |
| The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | ||||
| CVE-2025-37155 | 1 Hpe | 1 Arubaos-cx | 2025-11-24 | 7.8 High |
| A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system. | ||||
| CVE-2025-64483 | 1 Wazuh | 2 Wazuh, Wazuh-dashboard | 2025-11-24 | N/A |
| Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0. | ||||
| CVE-2024-8164 | 1 Beikeshop | 2 Beikeshop, Chengdu Everbrite Network Technology | 2025-11-24 | 6.3 Medium |
| A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. Manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 mitigates this issue. The affected component should be upgraded. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2025-11-22 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59273 | 1 Microsoft | 3 Azure, Azure Event Grid, Azure Event Grid System | 2025-11-22 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59218 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2025-11-22 | 9.6 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2025-59253 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-11-22 | 5.5 Medium |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59230 | 1 Microsoft | 31 Remote, Windows, Windows 10 and 28 more | 2025-11-22 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58726 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-11-22 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-58724 | 1 Microsoft | 6 Arc Enabled Servers Azure Connected Machine Agent, Azure, Azure Agent and 3 more | 2025-11-22 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58714 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-11-22 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||