Total: 4157 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2090 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2089 | 1 Starsea99 | 1 Starsea-mall | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2035 | 1 S-a-zhd | 1 Ecommerce-website-using-php | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /customer_register.php. The manipulation of the argument name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2031 | 1 1000mz | 1 Chestnutcms | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-29984 | 1 Dell | 1 Trusted Device Agent | 2026-06-17 | N/A | 6.7 MEDIUM |
| Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2026-06-17 | N/A | 7.0 HIGH |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29939 | | | 2026-06-17 | N/A | N/A |
| Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity. | |||||
| CVE-2025-29810 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.5 HIGH |
| Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-29804 | 1 Microsoft | 1 Visual Studio 2022 | 2026-06-17 | N/A | 7.3 HIGH |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29705 | 1 Tanghc | 1 Code-gen | 2026-06-17 | N/A | 4.3 MEDIUM |
| code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects. | |||||
| CVE-2025-29557 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords. | |||||
| CVE-2025-29556 | | | 2026-06-17 | N/A | 7.3 HIGH |
| ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval. | |||||
| CVE-2025-29524 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information. | |||||
| CVE-2025-29520 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | |||||
| CVE-2025-29515 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. | |||||
| CVE-2025-29514 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | |||||
| CVE-2025-29448 | 1 Easyappointments | 1 Easy!appointments | 2026-06-17 | N/A | 7.5 HIGH |
| Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. | |||||
| CVE-2025-29421 | 1 Perfree | 1 Perfreeblog | 2026-06-17 | N/A | 7.5 HIGH |
| PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. | |||||
| CVE-2025-29315 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request. | |||||
| CVE-2025-29270 | | | 2026-06-17 | N/A | 10.0 CRITICAL |
| Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device. | |||||
