Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4544 | 1 Byzoro | 1 Smart S85f Management Platform | 2025-07-01 | 4.3 Medium |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-53073 | 2025-06-26 | 4.2 Medium | ||
| In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted). | ||||
| CVE-2025-41404 | 2025-06-26 | N/A | ||
| Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product. | ||||
| CVE-2025-6352 | 1 Code-projects | 1 Automated Voting System | 2025-06-26 | 5.3 Medium |
| A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2025-06-25 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | ||||
| CVE-2025-52920 | 2025-06-23 | 6.4 Medium | ||
| Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products on the website. To be specific, an attacker could view the order details of any order by browsing to /en/account/orders/_ORDER_ID_ or use the address and billing information of other customers by manipulating the shipping_address_id and billing_address_id parameters when making an order (this information is then reflected in the receipt). Additionally, an attacker could delete the reviews of other users by sending a DELETE request to /en/account/reviews/_REVIEW_ID. | ||||
| CVE-2025-47226 | 1 Snipeitapp | 1 Snipe-it | 2025-06-03 | 5 Medium |
| Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | ||||
| CVE-2024-0204 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-30 | 9.8 Critical |
| Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | ||||
| CVE-2024-0861 | 1 Gitlab | 1 Gitlab | 2025-05-22 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions. | ||||
| CVE-2025-48207 | 2025-05-21 | 8.6 High | ||
| The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2025-48201 | 2025-05-21 | 8.6 High | ||
| The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. | ||||
| CVE-2025-48205 | 2025-05-21 | 8.6 High | ||
| The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2025-48202 | 2025-05-21 | 5.3 Medium | ||
| The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. | ||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | 8.8 High |
| Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | ||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | 8.8 High |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | ||||
| CVE-2022-40845 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2025-05-13 | 6.5 Medium |
| The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have. | ||||
| CVE-2025-46690 | 1 Ververica | 1 Ververica Platform | 2025-05-12 | 5 Medium |
| Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request. | ||||
| CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 6.5 Medium |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | ||||
| CVE-2023-46186 | 1 Ibm | 1 Jazz For Service Management | 2025-05-08 | 5.3 Medium |
| IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. | ||||