Total
3758 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46851 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 9.8 Critical |
| The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback. | ||||
| CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | ||||
| CVE-2022-39884 | 1 Google | 1 Android | 2025-05-01 | 4.3 Medium |
| Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. | ||||
| CVE-2021-26360 | 1 Amd | 36 Enterprise Driver, Radeon Pro Software, Radeon Pro W6300m and 33 more | 2025-05-01 | 7.8 High |
| An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP. | ||||
| CVE-2022-43679 | 1 Owncloud | 1 Owncloud | 2025-05-01 | 4.2 Medium |
| The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. | ||||
| CVE-2022-27673 | 1 Amd | 1 Amd Link | 2025-05-01 | 7.5 High |
| Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. | ||||
| CVE-2025-23083 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-04-30 | N/A |
| With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. | ||||
| CVE-2023-30587 | 1 Nodejs | 1 Nodejs | 2025-04-30 | 7.5 High |
| A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector). By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2023-30583 | 1 Nodejs | 1 Nodejs | 2025-04-30 | 7.5 High |
| fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2023-30582 | 1 Nodejs | 1 Nodejs | 2025-04-30 | 5.3 Medium |
| A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2022-32212 | 5 Debian, Fedoraproject, Nodejs and 2 more | 7 Debian Linux, Fedora, Node.js and 4 more | 2025-04-30 | 8.1 High |
| A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | ||||
| CVE-2023-44031 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 7.5 High |
| Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request. | ||||
| CVE-2025-3969 | 1 Code-projects | 1 News Publishing Site Dashboard | 2025-04-30 | 6.3 Medium |
| A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3830 | 1 Kuangstudy | 1 Kuangsimplebbs | 2025-04-30 | 6.3 Medium |
| A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42772 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
| CVE-2024-42775 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
| CVE-2024-42776 | 2 Jayesh, Kashipara | 2 Hotel Management System, Hotel Management System | 2025-04-30 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | ||||
| CVE-2024-32418 | 1 Flusity | 1 Flusity | 2025-04-30 | 9.8 Critical |
| An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. | ||||
| CVE-2024-27602 | 1 Alldata | 1 Alldata | 2025-04-30 | 9.1 Critical |
| Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module. | ||||
| CVE-2025-32796 | 1 Langgenius | 1 Dify | 2025-04-30 | 6.5 Medium |
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps. | ||||