Total: 4369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-37142 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37141 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37140 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 4.9 MEDIUM |
| Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | |||||
| CVE-2025-37137 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37136 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37135 | 1 Arubanetworks | 1 Arubaos | 2026-06-17 | N/A | 6.5 MEDIUM |
| Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | |||||
| CVE-2025-37131 | | | 2026-06-17 | N/A | 4.9 MEDIUM |
| A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information. | |||||
| CVE-2025-37125 | | | 2026-06-17 | N/A | 7.5 HIGH |
| A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly. | |||||
| CVE-2025-36909 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.3 MEDIUM |
| Information disclosure | |||||
| CVE-2025-36636 | | | 2026-06-17 | N/A | 4.3 MEDIUM |
| In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | |||||
| CVE-2025-36351 | 1 Ibm | 1 License Metric Tool | 2026-06-17 | N/A | 4.3 MEDIUM |
| IBM License Metric Tool 9.2.0 through 9.2.40 could allow an authenticated user to bypass access controls in the REST API interface and perform unauthorized actions. | |||||
| CVE-2025-33073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 8.8 HIGH |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-33072 | 1 Microsoft | 1 Msagsfeedback.azurewebsites.net | 2026-06-17 | N/A | 8.1 HIGH |
| Improper access control in Azure allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-33056 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.5 HIGH |
| Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-32992 | | | 2026-06-17 | N/A | 8.5 HIGH |
| Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control. | |||||
| CVE-2025-32796 | 1 Langgenius | 1 Dify | 2026-06-17 | N/A | 6.5 MEDIUM |
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps. | |||||
| CVE-2025-32795 | 1 Langgenius | 1 Dify | 2026-06-17 | N/A | 6.5 MEDIUM |
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a security risk to the integrity of the application. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details. | |||||
| CVE-2025-32790 | 1 Langgenius | 1 Dify | 2026-06-17 | N/A | 6.3 MEDIUM |
| Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13. | |||||
| CVE-2025-32726 | 1 Microsoft | 1 Visual Studio Code | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-32722 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | |||||
