Total
2821 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
| Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | |||||
| CVE-2024-9098 | 1 Lunary | 1 Lunary | 2025-04-10 | N/A | 6.1 MEDIUM |
| In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from inviting users with billing roles. As a result, admins can circumvent the intended access control, posing a risk to the organization's financial resources. | |||||
| CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | N/A | 5.3 MEDIUM |
| An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | |||||
| CVE-2025-2973 | 1 Code-projects | 1 College Management System | 2025-04-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-24486 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 9.1 CRITICAL |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. | |||||
| CVE-2024-24487 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 6.8 MEDIUM |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. | |||||
| CVE-2024-24485 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 7.5 HIGH |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. | |||||
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
| CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter | |||||
| CVE-2025-28409 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId | |||||
| CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges | |||||
| CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | |||||
| CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | |||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | |||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 7.2 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | |||||
| CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | |||||
| CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | |||||
| CVE-2025-28413 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | |||||
| CVE-2008-2947 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | |||||
| CVE-2009-2092 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||