Total
3484 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-45475 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-04-29 | 6.5 Medium |
Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | ||||
CVE-2024-30148 | | | 2025-04-29 | 4.1 Medium |
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | ||||
CVE-2025-43862 | | | 2025-04-29 | 7.6 High |
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented to a normal user. This access control flaw allows non-admin users to gain unauthorized access to and make changes to the APPs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs. | ||||
CVE-2025-32470 | | | 2025-04-29 | 7.5 High |
A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device. | ||||
CVE-2025-3978 | | | 2025-04-29 | 4.3 Medium |
A vulnerability was found in dazhouda lecms 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/view/default/user_set.htm. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4006 | | | 2025-04-29 | 4.7 Medium |
A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3975 | | | 2025-04-29 | 5.3 Medium |
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3966 | | | 2025-04-29 | 4.3 Medium |
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4036 | | | 2025-04-29 | 6.3 Medium |
A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2025-04-29 | 9.8 Critical |
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | ||||
CVE-2024-46609 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 7.5 High |
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and return all user information, including passwords. | ||||
CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.5 Medium |
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | ||||
CVE-2024-42797 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 9.8 Critical |
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. | ||||
CVE-2024-46607 | 1 Thecosy | 1 Icecms | 2025-04-28 | 7.6 High |
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | ||||
CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | 6.5 Medium |
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | ||||
CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | 5.3 Medium |
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | ||||
CVE-2024-42023 | 1 Veeam | 1 One | 2025-04-28 | 8.8 High |
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | ||||
CVE-2024-44571 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 8.8 High |
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | ||||
CVE-2024-42794 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 4.7 Medium |
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | ||||
CVE-2024-42795 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 4.2 Medium |
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. |