Total
2609 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24887 | 1 Citeum | 1 Opencti | 2025-05-19 | N/A | 6.3 MEDIUM |
| OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the `external` flag on/off and change the own token value for a user. It is also possible to edit attributes that are not in the allow list, such as `otp_qr` and `otp_activated`. If external users exist in the OpenCTI setup and the information about these users identities is sensitive, the above vulnerabilities can be used to enumerate existing user accounts as a standard low privileged user. This issue has been patched in version 6.4.10. | |||||
| CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2025-05-16 | N/A | 9.8 CRITICAL |
| Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | |||||
| CVE-2025-4118 | 1 Weitong | 1 Mall | 2025-05-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4119 | 1 Weitong | 1 Mall | 2025-05-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1 leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-27134 | 1 Joplin Project | 1 Joplin | 2025-05-16 | N/A | 8.8 HIGH |
| Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3. | |||||
| CVE-2025-32376 | 1 Discourse | 1 Discourse | 2025-05-16 | N/A | 4.3 MEDIUM |
| Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable version 3.4.3 and beta version 3.5.0.beta3. | |||||
| CVE-2025-20076 | 2025-05-16 | N/A | 5.0 MEDIUM | ||
| Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-39758 | 2025-05-16 | N/A | 5.9 MEDIUM | ||
| Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-45333 | 2025-05-16 | N/A | 7.3 HIGH | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-20052 | 2025-05-16 | N/A | 7.3 HIGH | ||
| Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-20100 | 2025-05-16 | N/A | 7.5 HIGH | ||
| Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-45371 | 2025-05-16 | N/A | 6.7 MEDIUM | ||
| Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-22844 | 2025-05-16 | N/A | 4.3 MEDIUM | ||
| Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2024-43101 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-2306 | 2025-05-16 | N/A | 5.9 MEDIUM | ||
| An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the documents UUIDv4. | |||||
| CVE-2025-4768 | 2025-05-16 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | |||||
| CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2025-05-15 | N/A | 5.5 MEDIUM |
| IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | |||||
| CVE-2024-20926 | 3 Debian, Netapp, Oracle | 8 Debian Linux, Cloud Insights Acquisition Unit, Cloud Insights Storage Workload Security Agent and 5 more | 2025-05-15 | N/A | 5.9 MEDIUM |
| Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2024-20948 | 1 Oracle | 1 Knowledge Management | 2025-05-15 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2025-1166 | 1 Rems | 1 Food Menu Manager | 2025-05-14 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||