Filtered by CWE-284
Filtered by vendor Subscriptions
Total 3790 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-48817 1 Microsoft 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more 2025-07-21 8.8 High
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-47993 1 Microsoft 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 2025-07-21 7.8 High
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-7906 2025-07-20 6.3 Medium
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7898 2025-07-20 4.7 Medium
A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7895 2025-07-20 6.3 Medium
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.
CVE-2025-7880 2025-07-20 6.3 Medium
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/common/sms/sendsms.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7879 2025-07-20 6.3 Medium
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mobileupload.jsp. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7878 2025-07-20 6.3 Medium
A vulnerability, which was classified as critical, was found in Metasoft 美特软件 MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7877 2025-07-20 6.3 Medium
A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7874 2025-07-20 5.3 Medium
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /env.jsp. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7864 2025-07-20 6.3 Medium
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.
CVE-2025-50060 2025-07-19 8.1 High
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle BI Publisher accessible data as well as unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
CVE-2025-33073 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-19 8.8 High
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2024-7040 1 Openwebui 1 Open Webui 2025-07-18 N/A
In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. However, by modifying the user_id parameter, it is possible to view the chats of any administrator, including those of other admin (owner) accounts.
CVE-2025-52168 2025-07-18 6.5 Medium
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.
CVE-2025-52166 2025-07-18 6.5 Medium
Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.
CVE-2025-45157 2025-07-18 6.5 Medium
Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.
CVE-2025-7477 1 Fabianros 1 Simple Car Rental System 2025-07-18 4.7 Medium
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-44526 1 Realtek 2 Rtl8762e Software Development Kit, Rtl8762ekf-evb 2025-07-18 6.5 Medium
Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.
CVE-2024-32124 1 Fortinet 1 Fortiisolator 2025-07-18 4 Medium
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.