Total: 203 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40845 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 6.5 Medium |
| The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information that they are not authorized to access. | ||||
| CVE-2025-53073 | 1 Sentry | 1 Sentry | 2025-07-06 | 4.2 Medium |
| In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted). | ||||
| CVE-2023-4544 | 1 Byzoro | 1 Smart S85f Management Platform | 2025-07-01 | 4.3 Medium |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230809. It has been rated as problematic. The issue is a direct-request (forced browsing) weakness in the handling of the file /config/php.ini: the file can be requested directly, and the attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48205 | 1 Typo3 | 1 Sr Feuser Register Extension | 2025-06-24 | 8.6 High |
| The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2025-52920 | | | 2025-06-23 | 6.4 Medium |
| Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products on the website. To be specific, an attacker could view the order details of any order by browsing to /en/account/orders/_ORDER_ID_ or use the address and billing information of other customers by manipulating the shipping_address_id and billing_address_id parameters when making an order (this information is then reflected in the receipt). Additionally, an attacker could delete the reviews of other users by sending a DELETE request to /en/account/reviews/_REVIEW_ID. | ||||
| CVE-2025-47226 | 1 Snipeitapp | 1 Snipe-it | 2025-06-03 | 5 Medium |
| Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | ||||
| CVE-2024-0204 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-30 | 9.8 Critical |
| Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project. | ||||
| CVE-2025-48207 | | | 2025-05-21 | 8.6 High |
| The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2025-48202 | | | 2025-05-21 | 5.3 Medium |
| The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2025-48201 | | | 2025-05-21 | 8.6 High |
| The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. | ||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | 8.8 High |
| Contec FXA3200 version 1.13.00 and earlier suffers from Insecure Permissions in the Wireless LAN Manager interface, which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | ||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | 8.8 High |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | ||||
| CVE-2025-46690 | 1 Ververica | 1 Ververica Platform | 2025-05-12 | 5 Medium |
| Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request. | ||||
| CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 6.5 Medium |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | ||||
| CVE-2023-46186 | 1 Ibm | 1 Jazz For Service Management | 2025-05-08 | 5.3 Medium |
| IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. | ||||
| CVE-2022-28365 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.3 Medium |
| Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | ||||
| CVE-2025-27581 | | | 2025-04-29 | 4.3 Medium |
| NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. | ||||
| CVE-2022-45276 | 1 Eyunjing | 1 Yjcms | 2025-04-25 | 9.8 Critical |
| An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | ||||
| CVE-2023-45596 | 1 Ailux | 2 Imx6, Imx6 Bundle | 2025-04-23 | 5.3 Medium |
| A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | ||||
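Most entries above share two root causes: an object lookup keyed only on a client-supplied id (the Innoshop order/address/review IDOR in CVE-2025-52920, the Snipe-IT, GitLab and TYPO3 entries) and a "hidden" or role-gated page that is reachable by anyone who knows the path (the NIH BRICS InET module, the Contec mnt_cmd.cgi page, the AiLux and IBM forced-browsing entries). The following is an added example, not code from Innoshop, TYPO3 or any other project listed here; the in-memory store, the user ids, the route table and the role names are constructed for illustration. It shows the vulnerable lookup pattern beside the hardened one (ownership folded into the lookup, with the same response for "missing" and "not yours" so there is no existence oracle), an allow-listed route check that denies unlisted paths by default, and a small differential probe of the kind a tester would run: replay one user's object ids under another user's session and report which ones still resolve.

```python
"""Object-level authorization (IDOR) and forced-browsing checks.

Added illustration; the data model, users, routes and roles below are
constructed sample data, not any listed product's code.
"""
from dataclasses import dataclass, field


class AuthzError(Exception):
    """Object or route is not reachable for the caller (message kept vague on purpose)."""


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset = frozenset()


@dataclass
class Store:
    # object id -> record; every record carries the owning user id
    orders: dict = field(default_factory=dict)
    addresses: dict = field(default_factory=dict)
    reviews: dict = field(default_factory=dict)


def build_sample_store():
    """Constructed sample data: two customers (ids 1 and 2) with their own objects."""
    s = Store()
    s.orders = {1001: {"owner": 1, "total": 42.0}, 1002: {"owner": 1, "total": 9.5},
                2001: {"owner": 2, "total": 100.0}}
    s.addresses = {10: {"owner": 1, "line": "1 Example St"}, 20: {"owner": 2, "line": "2 Sample Rd"}}
    s.reviews = {500: {"owner": 1, "text": "fine"}, 600: {"owner": 2, "text": "meh"}}
    return s


# Vulnerable pattern: the lookup trusts the client-supplied id and never consults ownership.
def get_order_vulnerable(store, user, order_id):
    return store.orders[order_id]


# Hardened pattern: ownership is part of the lookup itself, and a foreign id is
# answered exactly like a missing one.
def _owned(table, user, obj_id):
    rec = table.get(obj_id)
    if rec is None or rec["owner"] != user.id:
        raise AuthzError("not found")
    return rec


def get_order(store, user, order_id):
    return _owned(store.orders, user, order_id)


def place_order(store, user, shipping_address_id, billing_address_id, total):
    """Both address ids are checked against the caller before they are copied into the order."""
    ship = _owned(store.addresses, user, shipping_address_id)
    bill = _owned(store.addresses, user, billing_address_id)
    order_id = max(store.orders, default=1000) + 1
    store.orders[order_id] = {"owner": user.id, "total": total,
                              "ship_to": ship["line"], "bill_to": bill["line"]}
    return order_id


def delete_review(store, user, review_id):
    _owned(store.reviews, user, review_id)  # raises unless the caller owns the review
    del store.reviews[review_id]
    return True


# Forced browsing: routes are allow-listed with the roles they need; unlisted
# ("hidden") paths are denied by default instead of relying on obscurity.
ROUTE_ROLES = {
    "/account/": set(),   # any authenticated user
    "/inet/": {"inet"},   # hypothetical role-gated module
    "/admin/": {"admin"},
}


def authorize_route(user, path):
    for prefix, needed in ROUTE_ROLES.items():
        if path.startswith(prefix):
            return not needed or bool(user.roles & needed)
    return False


def idor_probe(lookup, store, victim_ids, attacker):
    """Replay another user's object ids under the attacker's session; return those that resolve."""
    reachable = []
    for oid in victim_ids:
        try:
            lookup(store, attacker, oid)
        except (AuthzError, KeyError):
            continue
        reachable.append(oid)
    return reachable


def is_denied(fn, *args):
    """True when the call is refused with AuthzError; used for negative checks."""
    try:
        fn(*args)
    except AuthzError:
        return True
    return False


if __name__ == "__main__":
    store, alice, mallory = build_sample_store(), User(1), User(2)
    print("vulnerable lookup leaks:", idor_probe(get_order_vulnerable, store, [1001, 1002], mallory))
    print("hardened lookup leaks:", idor_probe(get_order, store, [1001, 1002], mallory))
```

The probe is the check to keep: create two accounts, collect every object id the first one owns, replay each under the second session, and treat any 200 as a finding. Note that in the hardened version a foreign id and a nonexistent id both raise the same `AuthzError`, so an attacker cannot use the difference between 403 and 404 to enumerate which ids exist.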