Filtered by NVD-CWE-Other
Total 29581 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20806 1 Samsung 1 Android 2025-06-17 6.2 Medium
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
CVE-2023-47858 1 Mattermost 1 Mattermost Server 2025-06-17 4.3 Medium
Mattermost fails to properly verify the permissions needed for viewing archived public channels,  allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.
CVE-2024-28000 1 Litespeedtech 1 Litespeed Cache 2025-06-17 9.8 Critical
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
CVE-2023-28197 1 Apple 1 Macos 2025-06-17 3.3 Low
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data.
CVE-2021-46903 1 Meinbergglobal 1 Lantime Firmware 2025-06-17 6.5 Medium
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).
CVE-2023-47202 1 Trendmicro 1 Apex One 2025-06-17 7.8 High
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-23055 1 Plone 1 Plone Docker Official Image 2025-06-17 6.1 Medium
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
CVE-2023-3655 1 Cashit 1 Cashit\! 2025-06-17 7.5 High
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network.
CVE-2023-6447 1 Metagauss 1 Eventprime 2025-06-17 5.3 Medium
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
CVE-2023-27001 1 Egerie 1 Egerie 2025-06-17 8.8 High
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation.
CVE-2023-50333 1 Mattermost 1 Mattermost Server 2025-06-17 3.7 Low
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names.
CVE-2024-25677 1 Minbrowser 1 Min 2025-06-16 8.8 High
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
CVE-2023-51065 1 Qstar 1 Archive Storage Manager 2025-06-16 7.5 High
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.
CVE-2023-45648 3 Apache, Debian, Redhat 6 Tomcat, Debian Linux, Enterprise Linux and 3 more 2025-06-16 5.3 Medium
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
CVE-2024-44106 1 Ivanti 2 Automation, Workspace Control 2025-06-12 8.8 High
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2023-20261 1 Cisco 1 Catalyst Sd-wan Manager 2025-06-12 6.5 Medium
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.
CVE-2022-26461 2 Google, Mediatek 15 Android, Mt6833, Mt6853 and 12 more 2025-06-12 6.7 Medium
In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604.
CVE-2023-52325 1 Trendmicro 1 Apex Central 2025-06-11 7.5 High
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.
CVE-2023-47132 1 N-able 1 N-central 2025-06-11 9.8 Critical
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
CVE-2021-24566 1 Pluginus 1 Fox - Currency Switcher Professional For Woocommerce 2025-06-11 8.8 High
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.