Total
4371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
| CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | |||||
| CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | |||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.2 HIGH |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | |||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | |||||
| CVE-2025-28371 | 1 Engeniustech | 2 Enh500, Enh500 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password. | |||||
| CVE-2025-28367 | 1 Mojoportal | 1 Mojoportal | 2026-06-17 | N/A | 6.5 MEDIUM |
| mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey. | |||||
| CVE-2025-28233 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack. | |||||
| CVE-2025-28232 | 1 Jmbroadcast | 2 Jmb0150, Jmb0150 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication. | |||||
| CVE-2025-28231 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges. | |||||
| CVE-2025-28229 | 1 Orban | 2 Optimod 5950, Optimod 5950 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges. | |||||
| CVE-2025-28201 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access. | |||||
| CVE-2025-28104 | 1 Dogukanurker | 1 Flaskblog | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input. | |||||
| CVE-2025-28041 | 1 Liaoxuefeng | 1 Itranswarp | 2026-06-17 | N/A | 8.6 HIGH |
| Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication. | |||||
| CVE-2025-27919 | 1 Anydesk | 1 Anydesk | 2026-06-17 | N/A | 8.2 HIGH |
| An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation. | |||||
| CVE-2025-27744 | 1 Microsoft | 1 Office | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27738 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-27724 | 1 Meddream | 1 Pacs Server | 2026-06-17 | N/A | 9.3 CRITICAL |
| A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability. | |||||
| CVE-2025-27702 | 1 Absolute | 1 Secure Access | 2026-06-17 | N/A | 4.9 MEDIUM |
| CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high. | |||||
| CVE-2025-27689 | 1 Dell | 1 Idrac Tools | 2026-06-17 | N/A | 7.8 HIGH |
| Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
