Total
2463 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30462 | 1 Apple | 1 Macos | 2025-04-04 | N/A | 9.8 CRITICAL |
| A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions. | |||||
| CVE-2025-24241 | 1 Apple | 1 Macos | 2025-04-04 | N/A | 9.8 CRITICAL |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard. | |||||
| CVE-2025-24236 | 1 Apple | 1 Macos | 2025-04-04 | N/A | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data. | |||||
| CVE-2024-28405 | 1 Sem-cms | 1 Semcms | 2025-04-04 | N/A | 7.2 HIGH |
| SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges. | |||||
| CVE-2024-25811 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | N/A | 6.5 MEDIUM |
| An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. | |||||
| CVE-2023-22339 | 1 Contec | 1 Conprosys Hmi System | 2025-04-03 | N/A | 7.5 HIGH |
| Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | |||||
| CVE-2022-46890 | 1 Nexusphp | 1 Nexusphp | 2025-04-03 | N/A | 4.3 MEDIUM |
| Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page). | |||||
| CVE-2020-22655 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | N/A | 7.5 HIGH |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image. | |||||
| CVE-2025-25598 | 1 Inovalogic | 1 Customer Monitor | 2025-04-03 | N/A | 8.8 HIGH |
| Incorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileges via placing a crafted executable into a scheduled task. | |||||
| CVE-2024-13067 | 1 Codeastro | 1 Online Food Ordering System | 2025-04-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2023-24028 | 1 Misp-project | 1 Misp | 2025-04-03 | N/A | 9.8 CRITICAL |
| In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | |||||
| CVE-2025-2090 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-04-03 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-28338 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. | |||||
| CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | |||||
| CVE-2024-25251 | 1 Carmelogarcia | 1 Agro-school Management System | 2025-04-02 | N/A | 8.8 HIGH |
| code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control. | |||||
| CVE-2024-22234 | 1 Vmware | 1 Spring Security | 2025-04-02 | N/A | 7.4 HIGH |
| In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html | |||||
| CVE-2023-24058 | 1 Twinkletoessoftware | 1 Booked | 2025-04-02 | N/A | 4.3 MEDIUM |
| Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected. | |||||
| CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2025-04-02 | N/A | 7.5 HIGH |
| Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | |||||
| CVE-2023-24425 | 1 Jenkins | 1 Kubernetes Credentials Provider | 2025-04-02 | N/A | 6.5 MEDIUM |
| Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. | |||||