ReportizFlow
Filtered by vendor
Subscriptions
Total
4211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges | ||||
| CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | ||||
| CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | ||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | ||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 7.2 High |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | ||||
| CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | ||||
| CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | ||||
| CVE-2025-28413 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | ||||
| CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2025-04-09 | 6.4 Medium |
| In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | ||||
| CVE-2023-0017 | 1 Sap | 1 Netweaver Application Server For Java | 2025-04-09 | 9.4 Critical |
| An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | ||||
| CVE-2009-2092 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2008-2947 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | ||||
| CVE-2025-3325 | 1 Iteaj | 1 Iboot | 2025-04-08 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3298 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-08 | 4.3 Medium |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Registration Handler. The manipulation of the argument email leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3305 | 1 1902756969 | 1 Ikun Library | 2025-04-08 | 4.3 Medium |
| A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-49931 | 1 Couchbase | 1 Couchbase Server | 2025-04-08 | 9.8 Critical |
| An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted. | ||||
| CVE-2024-20397 | 2025-04-08 | 5.2 Medium | ||
| A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. | ||||
| CVE-2025-2993 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2995 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2996 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||