Total: 4358 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46282 | 1 Apple | 2 Macos, Safari | 2026-06-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access sensitive user data. | |||||
| CVE-2025-46175 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.5 HIGH |
| Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java. | |||||
| CVE-2025-46174 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.5 HIGH |
| Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java. | |||||
| CVE-2025-46118 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller. | |||||
| CVE-2025-46014 | 1 Honor | 1 Pc Manager | 2026-06-17 | N/A | 8.8 HIGH |
| Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 were discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation. | |||||
| CVE-2025-45729 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2026-06-17 | N/A | 6.3 MEDIUM |
| D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services. | |||||
| CVE-2025-45618 | 1 Huangjian888 | 1 Jeeweb-mybatis-springboot | 2026-06-17 | N/A | 6.5 MEDIUM |
| Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45617 | 1 Megagao | 1 Production Ssm | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45616 | 1 Baidu | 1 Brcc | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. | |||||
| CVE-2025-45615 | 1 User-xiangpeng | 1 Yaoqishan | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. | |||||
| CVE-2025-45614 | 1 Lcw2004 | 1 One | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45613 | 1 Zhaojun1998 | 1 Shiro-action | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45612 | 1 Exrick | 1 Xmall | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. | |||||
| CVE-2025-45611 | 1 Java-aodeng | 1 Hope-boot | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. | |||||
| CVE-2025-45610 | 1 Passjava | 1 Passjava | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45609 | 1 Ke | 1 Kob | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45608 | 1 Zykzhangyukang | 1 Xinguan | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-45584 | 1 Audi | 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication. | |||||
| CVE-2025-45424 | 1 Xinference | 1 Xinference | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect access control in Xinference before v1.4.0 allows attackers to access the Web GUI without authentication. | |||||
| CVE-2025-45343 | 1 Tenda | 2 W18e, W18e Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. | |||||
