Total: 315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50921 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | N/A | 6.5 MEDIUM |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. | |||||
| CVE-2024-50920 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | N/A | 8.8 HIGH |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. | |||||
| CVE-2024-50930 | 1 Silabs | 3 Z-wave Software Development Kit, Zm5101, Zm5202 | 2025-07-01 | N/A | 8.8 HIGH |
| An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. | |||||
| CVE-2024-50931 | 1 Silabs | 3 Z-wave Software Development Kit, Zm5101, Zm5202 | 2025-07-01 | N/A | 4.6 MEDIUM |
| Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. | |||||
| CVE-2024-56191 | 1 Google | 1 Android | 2025-06-27 | N/A | 8.4 HIGH |
| In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56192 | 1 Google | 1 Android | 2025-06-27 | N/A | 7.8 HIGH |
| In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-21541 | 1 Oracle | 1 Workflow | 2025-06-23 | N/A | 5.4 MEDIUM |
| Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2025-21544 | 1 Oracle | 1 Communications Order And Service Management | 2025-06-20 | N/A | 5.4 MEDIUM |
| Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2025-26691 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 5.5 MEDIUM |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission. | |||||
| CVE-2025-26693 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 3.3 LOW |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission. | |||||
| CVE-2025-27247 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 5.5 MEDIUM |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission. | |||||
| CVE-2025-27563 | 1 Openatom | 1 Openharmony | 2025-06-09 | N/A | 3.3 LOW |
| OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission. | |||||
| CVE-2025-27703 | 1 Absolute | 1 Secure Access | 2025-06-04 | N/A | 6.0 MEDIUM |
| CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. | |||||
| CVE-2022-38577 | 1 Processmaker | 1 Processmaker | 2025-06-03 | N/A | 8.8 HIGH |
| ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. | |||||
| CVE-2024-57698 | 1 Modernwms | 1 Modernwms | 2025-05-28 | N/A | 7.5 HIGH |
| An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint. | |||||
| CVE-2024-30187 | 1 Anope | 1 Anope | 2025-05-28 | N/A | 5.3 MEDIUM |
| Anope before 2.0.15 does not prevent resetting the password of a suspended account. | |||||
| CVE-2024-53355 | 1 Easyvirt | 2 Co2scope, Dcscope | 2025-05-23 | N/A | 8.8 HIGH |
| Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allow remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/updatealias route; (3) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modify a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modify a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route. | |||||
| CVE-2024-57439 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 4.9 MEDIUM |
| An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. | |||||
| CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2025-05-13 | N/A | 8.8 HIGH |
| A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | |||||
| CVE-2022-41708 | 1 Relatedcode | 1 Messenger | 2025-05-08 | N/A | 4.3 MEDIUM |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | |||||
