Total: 4157 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46299 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app. | |||||
| CVE-2025-46297 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container. | |||||
| CVE-2025-46292 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. | |||||
| CVE-2025-46288 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens. | |||||
| CVE-2025-46282 | 1 Apple | 2 Macos, Safari | 2026-06-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access sensitive user data. | |||||
| CVE-2025-46175 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.5 HIGH |
| Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java. | |||||
| CVE-2025-46174 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.5 HIGH |
| Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java. | |||||
| CVE-2025-46118 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller. | |||||
| CVE-2025-46014 | 1 Honor | 1 Pc Manager | 2026-06-17 | N/A | 8.8 HIGH |
| Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 were discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation. | |||||
| CVE-2025-45729 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services. | |||||
| CVE-2025-45618 | 1 Huangjian888 | 1 Jeeweb-mybatis-springboot | 2026-06-17 | N/A | 6.5 MEDIUM |
| Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45617 | 1 Megagao | 1 Production Ssm | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45616 | 1 Baidu | 1 Brcc | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. | |||||
| CVE-2025-45615 | 1 User-xiangpeng | 1 Yaoqishan | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. | |||||
| CVE-2025-45614 | 1 Lcw2004 | 1 One | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45613 | 1 Zhaojun1998 | 1 Shiro-action | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45612 | 1 Exrick | 1 Xmall | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. | |||||
| CVE-2025-45611 | 1 Java-aodeng | 1 Hope-boot | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. | |||||
| CVE-2025-45610 | 1 Passjava | 1 Passjava | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45609 | 1 Ke | 1 Kob | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | |||||
