Total
1443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4268 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-05-07 | N/A | 9.8 CRITICAL |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | |||||
| CVE-2024-21146 | 1 Oracle | 1 Trade Management | 2025-05-06 | N/A | 8.1 HIGH |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2022-3312 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 4.6 MEDIUM |
| Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium) | |||||
| CVE-2022-27586 | 1 Sick | 2 Sim1004-0p0g311, Sim1004-0p0g311 Firmware | 2025-05-06 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-27584 | 1 Sick | 2 Sim2000st, Sim2000st Firmware | 2025-05-06 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled. | |||||
| CVE-2022-27582 | 1 Sick | 14 Sim1000 Fx, Sim1000 Fx Firmware, Sim1004 and 11 more | 2025-05-06 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled. | |||||
| CVE-2025-1495 | 2025-05-05 | N/A | 4.3 MEDIUM | ||
| IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation. | |||||
| CVE-2022-0992 | 1 Siteground | 1 Security Optimizer | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5. | |||||
| CVE-2022-43990 | 1 Sick | 2 Sim1012-0p0g200, Sim1012-0p0g200 Firmware | 2025-05-05 | N/A | 7.3 HIGH |
| Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-43989 | 1 Sick | 4 Sim2000-2p04g10, Sim2000-2p04g10 Firmware, Sim2500-2p03g10 and 1 more | 2025-05-05 | N/A | 7.3 HIGH |
| Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2024-3219 | 2025-05-02 | N/A | N/A | ||
| The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | |||||
| CVE-2022-38168 | 1 Avaya | 4 Scopia Pathfinder 10 Pts, Scopia Pathfinder 10 Pts Firmware, Scopia Pathfinder 20 Pts and 1 more | 2025-05-02 | N/A | 9.1 CRITICAL |
| Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | |||||
| CVE-2022-27585 | 1 Sick | 2 Sim1000 Fx, Sim1000 Fx Firmware | 2025-05-02 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-30515 | 1 Zkteco | 1 Biotime | 2025-05-01 | N/A | 5.3 MEDIUM |
| ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. | |||||
| CVE-2021-46852 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | N/A | 7.5 HIGH |
| The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2025-3474 | 1 Drupal | 1 Panels | 2025-05-01 | N/A | 6.5 MEDIUM |
| Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0. | |||||
| CVE-2024-40408 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | N/A | 7.3 HIGH |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges. | |||||
| CVE-2024-40405 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | N/A | 8.1 HIGH |
| Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. | |||||
| CVE-2024-40404 | 1 Cybelesoft | 1 Thinfinity Workspace | 2025-05-01 | N/A | 9.8 CRITICAL |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. | |||||