Total: 4342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-56219 | 1 Ascertia | 1 Signinghub | 2026-06-17 | N/A | 7.1 HIGH |
| Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created. | |||||
| CVE-2025-56015 | 1 Genieacs | 1 Genieacs | 2026-06-17 | N/A | 7.5 HIGH |
| In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint. | |||||
| CVE-2025-55895 | 1 Totolink | 4 A3300r, A3300r Firmware, N200re and 1 more | 2026-06-17 | N/A | 9.1 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote). | |||||
| CVE-2025-55797 | 1 Formcms | 1 Formcms | 2026-06-17 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed. | |||||
| CVE-2025-55795 | 1 Openml | 1 Openml.org | 2026-06-17 | N/A | 3.5 LOW |
| The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with a higher user ID without proper verification. This results in the victim's email being reassigned to the attacker's account, causing the victim to be locked out immediately and unable to log in. The vulnerability leads to denial of service via account lockout but does not grant the attacker direct access to the victim's private data. | |||||
| CVE-2025-55749 | 1 Xwiki | 1 Xwiki | 2026-06-17 | N/A | 7.5 HIGH |
| XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0. | |||||
| CVE-2025-55741 | 1 Webkul | 1 Unopim | 2026-06-17 | N/A | 8.1 HIGH |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist. | |||||
| CVE-2025-55694 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55630 | 1 Reolink | 2 Smart 2k\+ Plug-in Wi-fi Video Doorbell With Chime, Smart 2k\+ Plug-in Wi-fi Video Doorbell With Chime Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts. | |||||
| CVE-2025-55626 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage. | |||||
| CVE-2025-55471 | 1 Youlai | 1 Youlai-boot | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users. | |||||
| CVE-2025-55469 | 1 Youlai | 1 Youlai-boot | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. | |||||
| CVE-2025-55373 | 1 Beakon | 1 Beakon | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights. | |||||
| CVE-2025-55371 | 1 Jishenghua | 1 Jsherp | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method. | |||||
| CVE-2025-55368 | 1 Jishenghua | 1 Jsherp | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. | |||||
| CVE-2025-55367 | 1 Jishenghua | 1 Jsherp | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. | |||||
| CVE-2025-55366 | 1 Jishenghua | 1 Jsherp | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack. | |||||
| CVE-2025-55261 | 1 Hcltech | 1 Aftermarket Cloud | 2026-06-17 | N/A | 8.1 HIGH |
| HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which will allow an attacker to escalate their privileges and may allow them to compromise the application and steal and manipulate the data. | |||||
| CVE-2025-55244 | 1 Microsoft | 1 Azure Ai Bot Service | 2026-06-17 | N/A | 9.0 CRITICAL |
| Azure Bot Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-55240 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-06-17 | N/A | 7.3 HIGH |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
