Total: 4777 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-41937 | 1 Xwiki | 1 Xwiki | 2025-04-23 | 9.6 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, set the rights of the page Filter.WebHome, making sure only the main wiki administrators can view the application installed on the main wiki, or edit the page and apply the changes described in commit fb49b4f. | ||||
CVE-2022-46158 | 1 Prestashop | 1 Prestashop | 2025-04-23 | 5.3 Medium |
PrestaShop is an open-source e-commerce solution. Versions prior to 1.7.8.8 did not properly restrict host filesystem access for users. Users may have been able to view the contents of the upload directory without appropriate permissions. This issue has been addressed and users are advised to upgrade to version 1.7.8.8. There are no known workarounds for this issue. | ||||
CVE-2023-51650 | 1 Apache | 1 Hertzbeat | 2025-04-23 | 7.5 High |
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | ||||
CVE-2025-25953 | | | 2025-04-23 | 6.5 Medium |
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. | ||||
CVE-2022-39099 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39098 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39097 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39096 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39095 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39094 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39093 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39092 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39091 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2022-39090 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 7.8 High |
In the power management service, there is a missing permission check. This could lead to setting up the power management service with no additional execution privileges needed. | ||||
CVE-2025-1021 | | | 2025-04-23 | 7.5 High |
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2025-3843 | | | 2025-04-23 | 4.3 Medium |
A vulnerability was found in panhainan DS-Java 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-2298 | | | 2025-04-23 | N/A |
An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to insufficient access controls on an API endpoint, enabling any authenticated user to specify and delete files outside their intended scope. Exploiting this flaw could lead to data loss, denial of service (DoS), and potential escalation of impact depending on the deleted files. Affected versions: any version of Dremio below 24.0.0; Dremio 24.3.0 - 24.3.16; Dremio 25.0.0 - 25.0.14; Dremio 25.1.0 - 25.1.7; Dremio 25.2.0 - 25.2.4. Fixed in version: Dremio 24.3.17 and above; Dremio 25.0.15 and above; Dremio 25.1.8 and above; Dremio 25.2.5 and above; Dremio 26.0.0 and above. | ||||
CVE-2022-3946 | 1 Welcart | 1 Welcart E-commerce | 2025-04-22 | 6.5 Medium |
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF checks in an AJAX action, allowing any logged-in user to create, update and delete shipping methods. | ||||
CVE-2022-20240 | 1 Google | 1 Android | 2025-04-22 | 2.3 Low |
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-231496105 | ||||
CVE-2024-20032 | 2 Google, Mediatek | 36 Android, Mt6580, Mt6739 and 33 more | 2025-04-22 | 6.7 Medium |
In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020. |