Filtered by CWE-284
Total 3647 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-5390 2025-06-02 6.3 Medium
A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
CVE-2025-5436 2025-06-02 5.3 Medium
A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-48899 1 Moodle 1 Moodle 2025-06-02 4.3 Medium
A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.
CVE-2024-0642 1 Cires21 1 Live Encoder 2025-06-02 9.8 Critical
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.
CVE-2025-44619 2025-05-31 9.1 Critical
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
CVE-2025-32726 2025-05-30 6.8 Medium
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-29810 2025-05-30 7.5 High
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
CVE-2025-29804 2025-05-30 7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-27738 2025-05-30 6.5 Medium
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network.
CVE-2025-26678 2025-05-30 8.4 High
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-21197 2025-05-30 6.5 Medium
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
CVE-2025-27744 2025-05-30 7.8 High
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2024-57336 2025-05-30 6.5 Medium
Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access.
CVE-2025-4431 2025-05-30 4.3 Medium
The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the featured image of any post.
CVE-2025-4433 2025-05-30 8.8 High
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
CVE-2023-43848 1 Aten 2 Pe6208, Pe6208 Firmware 2025-05-30 8 High
Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.
CVE-2023-43847 1 Aten 2 Pe6208, Pe6208 Firmware 2025-05-30 5.3 Medium
Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests.
CVE-2023-43849 1 Aten 2 Pe6208, Pe6208 Firmware 2025-05-30 6.5 Medium
Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.
CVE-2022-45166 1 Archibus 1 Archibus Web Central 2025-05-30 6.5 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.
CVE-2022-45164 1 Archibus 1 Archibus Web Central 2025-05-30 4.3 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking