Total: 4157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25730 | | | 2026-06-17 | N/A | 4.6 MEDIUM |
| An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself. | |||||
| CVE-2025-25683 | | | 2026-06-17 | N/A | 5.6 MEDIUM |
| AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1. | |||||
| CVE-2025-25621 | 1 Changeweb | 1 Unifiedtransform | 2026-06-17 | N/A | 4.3 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1. | |||||
| CVE-2025-25618 | 1 Changeweb | 1 Unifiedtransform | 2026-06-17 | N/A | 3.3 LOW |
| Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. | |||||
| CVE-2025-25617 | | | 2026-06-17 | N/A | 4.3 MEDIUM |
| Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus. | |||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2026-06-17 | N/A | 4.3 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | |||||
| CVE-2025-25615 | 1 Changeweb | 1 Unifiedtransform | 2026-06-17 | N/A | 2.7 LOW |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | |||||
| CVE-2025-25614 | 1 Changeweb | 1 Unifiedtransform | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. | |||||
| CVE-2025-25598 | 1 Inovalogic | 1 Customer Monitor | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. | |||||
| CVE-2025-25585 | 1 R1bbit | 1 Yimioa | 2026-06-17 | N/A | 7.3 HIGH |
| Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords. | |||||
| CVE-2025-25500 | 1 Cosmwasm | 1 Cosmwasm | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain. | |||||
| CVE-2025-25381 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows viewing of sensitive information such as usernames and passwords. | |||||
| CVE-2025-25225 | 1 Hikashop | 1 Hikashop | 2026-06-17 | N/A | 6.5 MEDIUM |
| A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions. | |||||
| CVE-2025-25004 | 1 Microsoft | 17 Powershell, Windows 10 1507, Windows 10 1607 and 14 more | 2026-06-17 | N/A | 7.3 HIGH |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24999 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-24994 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2026-06-17 | N/A | 7.3 HIGH |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2026-06-17 | N/A | 8.2 HIGH |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | |||||
| CVE-2025-24968 | 1 Yogeshojha | 1 Rengine | 2026-06-17 | N/A | 8.8 HIGH |
| reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds. | |||||
| CVE-2025-24917 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2026-06-17 | N/A | 7.8 HIGH |
| In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. | |||||
| CVE-2025-24916 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2026-06-17 | N/A | 7.0 HIGH |
| When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | |||||
