Total: 3537 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2025-4333 | | | 2025-05-07 | 6.3 Medium | A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
CVE-2025-23367 | 1 Redhat | 7 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 4 more | 2025-05-06 | 6.5 Medium | A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
CVE-2022-32918 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 5.5 Medium | This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences.
CVE-2022-32904 | 1 Apple | 1 Macos | 2025-05-06 | 5.5 Medium | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
CVE-2025-4051 | | | 2025-05-06 | 6.3 Medium | Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | 5.5 Medium | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
CVE-2024-20325 | 1 Cisco | 1 Unified Intelligence Center | 2025-05-06 | 5.1 Medium | A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
CVE-2025-32726 | | | 2025-05-06 | 6.8 Medium | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-29810 | | | 2025-05-06 | 7.5 High | Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-29804 | | | 2025-05-06 | 7.3 High | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-27738 | | | 2025-05-06 | 6.5 Medium | Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVE-2025-26678 | | | 2025-05-06 | 8.4 High | Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-21197 | | | 2025-05-06 | 6.5 Medium | Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
CVE-2025-27744 | | | 2025-05-06 | 7.8 High | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-25962 | | | 2025-05-06 | 9.8 Critical | An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function.
CVE-2024-48905 | | | 2025-05-06 | 9.1 Critical | Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.
CVE-2025-45613 | | | 2025-05-06 | 7.5 High | Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.
CVE-2025-45612 | | | 2025-05-06 | 9.8 Critical | Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
CVE-2025-45611 | | | 2025-05-06 | 9.8 Critical | Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.
CVE-2025-45610 | | | 2025-05-06 | 7.5 High | Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.