Total
4086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39877 | 2 Google, Samsung | 2 Android, Group Sharing | 2025-05-20 | 4 Medium |
| Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | ||||
| CVE-2025-27191 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-05-20 | 5.3 Medium |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-34431 | 1 Dell | 1 Hybrid Client | 2025-05-19 | 6.5 Medium |
| Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible. | ||||
| CVE-2025-23164 | 2025-05-19 | N/A | ||
| A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled. | ||||
| CVE-2025-24887 | 1 Citeum | 1 Opencti | 2025-05-19 | 6.3 Medium |
| OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the `external` flag on/off and change the own token value for a user. It is also possible to edit attributes that are not in the allow list, such as `otp_qr` and `otp_activated`. If external users exist in the OpenCTI setup and the information about these users identities is sensitive, the above vulnerabilities can be used to enumerate existing user accounts as a standard low privileged user. This issue has been patched in version 6.4.10. | ||||
| CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2025-05-16 | 9.8 Critical |
| Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | ||||
| CVE-2025-4118 | 1 Weitong | 1 Mall | 2025-05-16 | 5.3 Medium |
| A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4119 | 1 Weitong | 1 Mall | 2025-05-16 | 5.3 Medium |
| A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-27134 | 1 Joplin Project | 1 Joplin | 2025-05-16 | 8.8 High |
| Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3. | ||||
| CVE-2025-32376 | 1 Discourse | 1 Discourse | 2025-05-16 | 4.3 Medium |
| Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3. | ||||
| CVE-2025-4768 | 2025-05-16 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | ||||
| CVE-2025-22844 | 2025-05-16 | 4.3 Medium | ||
| Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2025-20052 | 2025-05-16 | 7.3 High | ||
| Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20076 | 2025-05-16 | 5 Medium | ||
| Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-45333 | 2025-05-16 | 7.3 High | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-43101 | 2025-05-16 | 5.3 Medium | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-45371 | 2025-05-16 | 6.7 Medium | ||
| Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-39758 | 2025-05-16 | 5.9 Medium | ||
| Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20100 | 2025-05-16 | 7.5 High | ||
| Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-2306 | 2025-05-16 | 5.9 Medium | ||
| An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the documents UUIDv4. | ||||