Total
5595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4327 | 1 Mrcms | 1 Mrcms | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
| CVE-2025-28202 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | N/A | 8.8 HIGH |
| Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. | |||||
| CVE-2025-41231 | 1 Vmware | 1 Cloud Foundation | 2025-06-12 | N/A | 7.3 HIGH |
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | |||||
| CVE-2025-47527 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18. | |||||
| CVE-2025-49265 | 2025-06-12 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1. | |||||
| CVE-2025-5885 | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47463 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce: from n/a through 2.8.6. | |||||
| CVE-2025-48147 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2. | |||||
| CVE-2025-49651 | 2025-06-12 | N/A | 8.1 HIGH | ||
| Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. | |||||
| CVE-2025-32308 | 2025-06-12 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in looks_awesome Team Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder: from n/a through 1.5.7. | |||||
| CVE-2025-5888 | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48139 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4. | |||||
| CVE-2025-42983 | 2025-06-12 | N/A | 8.5 HIGH | ||
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data. | |||||
| CVE-2025-42987 | 2025-06-12 | N/A | 4.3 MEDIUM | ||
| SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application. | |||||
| CVE-2025-42984 | 2025-06-12 | N/A | 5.4 MEDIUM | ||
| SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application. | |||||
| CVE-2025-42982 | 2025-06-12 | N/A | 8.8 HIGH | ||
| SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2025-49509 | 2025-06-12 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1. | |||||
| CVE-2025-42989 | 2025-06-12 | N/A | 9.6 CRITICAL | ||
| RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application. | |||||
| CVE-2025-42991 | 2025-06-12 | N/A | 4.3 MEDIUM | ||
| SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. | |||||
| CVE-2025-42993 | 2025-06-12 | N/A | 6.7 MEDIUM | ||
| Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC destination, leading to code execution under the privileges of the assigned high-privilege user. While the vulnerability has a low impact on Availability, it significantly poses a high risk to both Confidentiality and Integrity. | |||||