Total
2296 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8434 | 2 Anisha, Code Projects | 2 Online Movie Streaming, Online Movie Streaming | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8435 | 2 Anisha, Code-projects | 2 Online Movie Streaming, Online Movie Streaming | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-54583 | 1 Finos | 2 Git-proxy, Gitproxy | 2025-08-01 | 6.5 Medium |
| GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2. | ||||
| CVE-2024-9159 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-08-01 | N/A |
| An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not properly guarded by an admin check. | ||||
| CVE-2024-2698 | 2 Freeipa, Redhat | 4 Freeipa, Enterprise Linux, Enterprise Linux Eus and 1 more | 2025-08-01 | 8.8 High |
| A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. | ||||
| CVE-2025-43230 | 1 Apple | 8 Ios, Ipados, Iphone Os and 5 more | 2025-08-01 | 4 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43251 | 1 Apple | 2 Macos, Macos Sequoia | 2025-07-31 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.6. A local attacker may gain access to Keychain items. | ||||
| CVE-2025-43197 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-07-31 | 4 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data. | ||||
| CVE-2024-27105 | 1 Frappe | 1 Frappe | 2025-07-31 | 8.1 High |
| Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2025-53902 | 1 Enalean | 1 Tuleap | 2025-07-31 | 4.3 Medium |
| Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5. | ||||
| CVE-2024-27309 | 1 Apache | 1 Kafka | 2025-07-30 | 7.4 High |
| While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Two preconditions are needed to trigger the bug: 1. The administrator decides to remove an ACL 2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal. When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct. The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain). The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability impact. if DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period. | ||||
| CVE-2018-13382 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-07-30 | 9.1 Critical |
| An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests | ||||
| CVE-2019-7192 | 1 Qnap | 2 Photo Station, Qts | 2025-07-30 | 9.8 Critical |
| This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. | ||||
| CVE-2021-3493 | 1 Canonical | 1 Ubuntu Linux | 2025-07-30 | 8.8 High |
| The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. | ||||
| CVE-2021-30533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-07-30 | 6.5 Medium |
| Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | ||||
| CVE-2021-40655 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2025-07-30 | 7.5 High |
| An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page | ||||
| CVE-2021-3560 | 4 Canonical, Debian, Polkit Project and 1 more | 10 Ubuntu Linux, Debian Linux, Polkit and 7 more | 2025-07-30 | 7.8 High |
| It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2022-41091 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-30 | 5.4 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2022-46169 | 1 Cacti | 1 Cacti | 2025-07-30 | 9.8 Critical |
| Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. | ||||
| CVE-2023-21715 | 1 Microsoft | 1 365 Apps | 2025-07-30 | 7.3 High |
| Microsoft Publisher Security Feature Bypass Vulnerability | ||||