Total
888 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23528 | 2026-06-17 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1. | |||||
| CVE-2025-23407 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges. | |||||
| CVE-2025-23391 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4. | |||||
| CVE-2025-23260 | 1 Nvidia | 1 Aistore | 2026-06-17 | N/A | 5.0 MEDIUM |
| NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure. | |||||
| CVE-2025-22736 | 2026-06-17 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2. | |||||
| CVE-2025-22415 | 1 Google | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-21092 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. | |||||
| CVE-2025-1881 | 1 I-drive | 4 I11, I11 Firmware, I12 and 1 more | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | |||||
| CVE-2025-1847 | 1 Zframeworks | 1 Zz | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1815 | 2026-06-17 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in pbrong hrms up to 1.0.1. This affects the function HrmsDB of the file \resource\resource.go. The manipulation of the argument user_cookie leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1806 | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue. | |||||
| CVE-2025-1653 | 1 Stylemixthemes | 1 Ulisting | 2026-06-17 | N/A | 8.8 HIGH |
| The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | |||||
| CVE-2025-1226 | 1 R1bbit | 1 Yimioa | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-1078 | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional. | |||||
| CVE-2025-15656 | 2026-06-17 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0. | |||||
| CVE-2025-15597 | 1 Fit2cloud | 1 Sqlbot | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.0 mitigates this issue. The name of the patch is d640ac31d1ce64ce90e06cf7081163915c9fc28c. Upgrading the affected component is recommended. Multiple endpoints are affected. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-15213 | 1 Fabian | 1 Student File Management System | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15126 | 1 Jeecg | 1 Jeecg Boot | 2026-06-17 | 2.1 LOW | 3.1 LOW |
| A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15125 | 1 Jeecg | 1 Jeecg Boot | 2026-06-17 | 2.1 LOW | 3.1 LOW |
| A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15124 | 1 Jeecg | 1 Jeecg Boot | 2026-06-17 | 2.1 LOW | 3.1 LOW |
| A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||