Total
29581 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-20806 | 1 Samsung | 1 Android | 2025-06-17 | 6.2 Medium |
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. | ||||
CVE-2023-47858 | 1 Mattermost | 1 Mattermost Server | 2025-06-17 | 4.3 Medium |
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | ||||
CVE-2024-28000 | 1 Litespeedtech | 1 Litespeed Cache | 2025-06-17 | 9.8 Critical |
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. | ||||
CVE-2023-28197 | 1 Apple | 1 Macos | 2025-06-17 | 3.3 Low |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | ||||
CVE-2021-46903 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 6.5 Medium |
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | ||||
CVE-2023-47202 | 1 Trendmicro | 1 Apex One | 2025-06-17 | 7.8 High |
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2025-06-17 | 6.1 Medium |
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | ||||
CVE-2023-3655 | 1 Cashit | 1 Cashit\! | 2025-06-17 | 7.5 High |
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network. | ||||
CVE-2023-6447 | 1 Metagauss | 1 Eventprime | 2025-06-17 | 5.3 Medium |
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | ||||
CVE-2023-27001 | 1 Egerie | 1 Egerie | 2025-06-17 | 8.8 High |
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation. | ||||
CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2025-06-17 | 3.7 Low |
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | ||||
CVE-2024-25677 | 1 Minbrowser | 1 Min | 2025-06-16 | 8.8 High |
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | ||||
CVE-2023-51065 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | 7.5 High |
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. | ||||
CVE-2023-45648 | 3 Apache, Debian, Redhat | 6 Tomcat, Debian Linux, Enterprise Linux and 3 more | 2025-06-16 | 5.3 Medium |
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | ||||
CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
CVE-2023-20261 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-06-12 | 6.5 Medium |
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user. | ||||
CVE-2022-26461 | 2 Google, Mediatek | 15 Android, Mt6833, Mt6853 and 12 more | 2025-06-12 | 6.7 Medium |
In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032604; Issue ID: ALPS07032604. | ||||
CVE-2023-52325 | 1 Trendmicro | 1 Apex Central | 2025-06-11 | 7.5 High |
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. | ||||
CVE-2023-47132 | 1 N-able | 1 N-central | 2025-06-11 | 9.8 Critical |
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | ||||
CVE-2021-24566 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2025-06-11 | 8.8 High |
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. |