Total
29579 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37923 | 1 Tonybybell | 1 Gtkwave | 2025-06-17 | 7.8 High |
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. | ||||
CVE-2023-37921 | 1 Tonybybell | 1 Gtkwave | 2025-06-17 | 7.8 High |
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility. | ||||
CVE-2023-29051 | 1 Open-xchange | 1 Ox App Suite | 2025-06-17 | 8.1 High |
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known. | ||||
CVE-2024-20809 | 1 Samsung | 1 Nearby Device Scanning | 2025-06-17 | 4 Medium |
Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data. | ||||
CVE-2024-20808 | 1 Samsung | 1 Nearby Device Scanning | 2025-06-17 | 4 Medium |
Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data. | ||||
CVE-2024-20806 | 1 Samsung | 1 Android | 2025-06-17 | 6.2 Medium |
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows a local attacker to access notification data. | ||||
CVE-2023-47858 | 1 Mattermost | 1 Mattermost Server | 2025-06-17 | 4.3 Medium |
Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | ||||
CVE-2024-28000 | 1 Litespeedtech | 1 Litespeed Cache | 2025-06-17 | 9.8 Critical |
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. | ||||
CVE-2025-33072 | 1 Microsoft | 1 Msagsfeedback.azurewebsites.net | 2025-06-17 | 8.1 High |
Improper access control in Azure allows an unauthorized attacker to disclose information over a network. | ||||
CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-06-17 | 7 High |
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
CVE-2023-28197 | 1 Apple | 1 Macos | 2025-06-17 | 3.3 Low |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | ||||
CVE-2021-46903 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 6.5 Medium |
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | ||||
CVE-2023-47202 | 1 Trendmicro | 1 Apex One | 2025-06-17 | 7.8 High |
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2025-06-17 | 6.1 Medium |
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | ||||
CVE-2023-3655 | 1 Cashit | 1 Cashit! | 2025-06-17 | 7.5 High |
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows the database (system settings, user accounts, ...) to be leaked. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | ||||
CVE-2023-6447 | 1 Metagauss | 1 Eventprime | 2025-06-17 | 5.3 Medium |
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | ||||
CVE-2023-27001 | 1 Egerie | 1 Egerie | 2025-06-17 | 8.8 High |
An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation. | ||||
CVE-2023-50333 | 1 Mattermost | 1 Mattermost Server | 2025-06-17 | 3.7 Low |
Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | ||||
CVE-2024-25677 | 1 Minbrowser | 1 Min | 2025-06-16 | 8.8 High |
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document. | ||||
CVE-2023-51065 | 1 Qstar | 1 Archive Storage Manager | 2025-06-16 | 7.5 High |
Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. |