Total
297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43700 | 2025-06-12 | N/A | 7.5 HIGH | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. | |||||
| CVE-2025-43697 | 2025-06-12 | N/A | 7.5 HIGH | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025 | |||||
| CVE-2025-43701 | 2025-06-12 | N/A | 7.5 HIGH | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. | |||||
| CVE-2025-43698 | 2025-06-12 | N/A | 9.1 CRITICAL | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025 | |||||
| CVE-2025-43699 | 2025-06-12 | N/A | 5.3 MEDIUM | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. This impacts OmniStudio: before Spring 2025 | |||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2025-06-10 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | |||||
| CVE-2025-26691 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 5.5 MEDIUM |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | |||||
| CVE-2025-26693 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | |||||
| CVE-2025-27247 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 5.5 MEDIUM |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | |||||
| CVE-2025-27563 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | |||||
| CVE-2024-46941 | 2025-06-06 | N/A | N/A | ||
| SystemUI has an incorrect component protection setting, which allows access to specific information. | |||||
| CVE-2025-43026 | 2025-06-06 | N/A | N/A | ||
| A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | |||||
| CVE-2025-27703 | 1 Absolute | 1 Secure Access | 2025-06-04 | N/A | 6.0 MEDIUM |
| CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. | |||||
| CVE-2022-38577 | 1 Processmaker | 1 Processmaker | 2025-06-03 | N/A | 8.8 HIGH |
| ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. | |||||
| CVE-2024-57698 | 1 Modernwms | 1 Modernwms | 2025-05-28 | N/A | 7.5 HIGH |
| An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint. | |||||
| CVE-2024-30187 | 1 Anope | 1 Anope | 2025-05-28 | N/A | 5.3 MEDIUM |
| Anope before 2.0.15 does not prevent resetting the password of a suspended account. | |||||
| CVE-2024-53355 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | N/A | 8.8 HIGH |
| Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modifiy a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route. | |||||
| CVE-2024-57439 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 4.9 MEDIUM |
| An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. | |||||
| CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2025-05-13 | N/A | 8.8 HIGH |
| A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | |||||
| CVE-2022-41708 | 1 Relatedcode | 1 Messenger | 2025-05-08 | N/A | 4.3 MEDIUM |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | |||||