Total: 3085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20291 | 1 Cisco | 81 Nexus 3000 In Standalone Nx-os Mode, Nexus 3048, Nexus 31108pc-v and 78 more | 2025-04-30 | N/A | 5.8 MEDIUM |
| A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces. | |||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2025-04-29 | N/A | 9.9 CRITICAL |
| Carel Boss Mini 1.5.0 has Improper Access Control. | |||||
| CVE-2023-42969 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-29 | N/A | 3.3 LOW |
| An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches. | |||||
| CVE-2025-30729 | 1 Oracle | 1 Communications Order And Service Management | 2025-04-29 | N/A | 5.5 MEDIUM |
| Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). | |||||
| CVE-2024-56195 | 1 Apache | 1 Traffic Server | 2025-04-29 | N/A | 6.3 MEDIUM |
| Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. | |||||
| CVE-2022-45475 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-04-29 | N/A | 6.5 MEDIUM |
| Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | |||||
| CVE-2025-32470 | | | 2025-04-29 | N/A | 7.5 HIGH |
| A remote unauthenticated attacker may be able to change the IP address of the device, thereby affecting the availability of the device. | |||||
| CVE-2025-4006 | | | 2025-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in youyiio BeyongCms 1.6.0. Affected is an unknown function of the file /admin/theme/Upload.html of the component Document Management Page. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2025-04-29 | N/A | 9.8 CRITICAL |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | |||||
| CVE-2024-46609 | 1 Thecosy | 1 Icecms | 2025-04-28 | N/A | 7.5 HIGH |
| An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and return all user information, including passwords. | |||||
| CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | N/A | 6.5 MEDIUM |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | |||||
| CVE-2024-42797 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. | |||||
| CVE-2024-46607 | 1 Thecosy | 1 Icecms | 2025-04-28 | N/A | 7.6 HIGH |
| Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | |||||
| CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | |||||
| CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | N/A | 5.3 MEDIUM |
| An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | |||||
| CVE-2024-42023 | 1 Veeam | 1 One | 2025-04-28 | N/A | 8.8 HIGH |
| An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | |||||
| CVE-2024-44571 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | N/A | 8.8 HIGH |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | |||||
| CVE-2024-42794 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 4.7 MEDIUM |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | |||||
| CVE-2024-42795 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 4.2 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | |||||
| CVE-2024-42796 | 1 Lopalopa | 1 Music Management System | 2025-04-28 | N/A | 5.9 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | |||||
