Total
4157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27919 | 1 Anydesk | 1 Anydesk | 2026-06-17 | N/A | 8.2 HIGH |
| An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation. | |||||
| CVE-2025-27744 | 1 Microsoft | 1 Office | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27738 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-27724 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 9.3 CRITICAL |
| A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability. | |||||
| CVE-2025-27702 | 1 Absolute | 1 Secure Access | 2026-06-17 | N/A | 4.9 MEDIUM |
| CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high. | |||||
| CVE-2025-27689 | 1 Dell | 1 Idrac Tools | 2026-06-17 | N/A | 7.8 HIGH |
| Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-27649 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2026-06-17 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016. | |||||
| CVE-2025-27646 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2026-06-17 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001. | |||||
| CVE-2025-27258 | 1 Ericsson | 1 Network Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability that, if exploited, can result in an escalation of privilege. | |||||
| CVE-2025-27238 | 1 Zabbix | 1 Zabbix | 2026-06-17 | N/A | 3.5 LOW |
| Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. | |||||
| CVE-2025-27215 | | | 2026-06-17 | N/A | 8.1 HIGH |
| An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier); UniFi Connect Display Cast Pro (Version 1.0.89 and earlier); UniFi Connect Display Cast Lite (Version 1.0.3 and earlier). Mitigation: Update UniFi Connect Display Cast to Version 1.10.7 or later; update UniFi Connect Display Cast Pro to Version 1.0.94 or later; update UniFi Connect Display Cast Lite to Version 1.1.8 or later. | |||||
| CVE-2025-27207 | 1 Adobe | 1 Commerce B2b | 2026-06-17 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-27206 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-06-17 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-27191 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-06-17 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-27190 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-06-17 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-27153 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11. | |||||
| CVE-2025-27140 | 1 Wegia | 1 Wegia | 2026-06-17 | N/A | 9.8 CRITICAL |
| WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a command to move a temporary file, so a webshell upload is also possible. Version 3.2.15 contains a patch for the issue. | |||||
| CVE-2025-27134 | 1 Joplin Project | 1 Joplin | 2026-06-17 | N/A | 8.8 HIGH |
| Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3. | |||||
| CVE-2025-27093 | | | 2026-06-17 | N/A | 6.3 MEDIUM |
| Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants. | |||||
| CVE-2025-27062 | 1 Qualcomm | 306 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq8064au and 303 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption while handling client exceptions, allowing unauthorized channel access. | |||||
