Total
562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10822 | 1 Fuyang Lipengjun | 1 Platform | 2025-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-10674 | 1 Fuyang Lipengjun | 1 Platform | 2025-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-10675 | 1 Fuyang Lipengjun | 1 Platform | 2025-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10676 | 1 Fuyang Lipengjun | 1 Platform | 2025-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2024-9479 | 2025-10-03 | N/A | N/A | ||
| Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | |||||
| CVE-2024-9478 | 2025-10-03 | N/A | N/A | ||
| Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | |||||
| CVE-2025-5511 | 1 Quequnlong | 1 Shiyi-blog | 2025-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-42441 | 1 Zoom | 3 Meeting Software Development Kit, Rooms, Workplace Desktop | 2025-10-02 | N/A | 6.2 MEDIUM |
| Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access. | |||||
| CVE-2025-10318 | 1 Guojusoft | 1 Jeecgboot | 2025-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10319 | 1 Guojusoft | 1 Jeecgboot | 2025-10-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10707 | 1 Guojusoft | 1 Jeecgboot | 2025-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10725 | 2025-10-02 | N/A | 9.9 CRITICAL | ||
| A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it. | |||||
| CVE-2025-6532 | 1 Noyafa | 2 Lf9 Pro, Lf9 Pro Firmware | 2025-10-01 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This dashcam is distributed by multiple resellers and different names. | |||||
| CVE-2025-7076 | 1 Blackvuenorthamerica | 2 Blackvue Dr590x, Blackvue Dr590x Firmware | 2025-10-01 | 4.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7480 | 1 Avaya | 1 Aura System Manager | 2025-10-01 | N/A | 4.2 MEDIUM |
| An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support. | |||||
| CVE-2024-9082 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-09-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-10941 | 2025-09-30 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains, that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses "nssm," which is responsible for this vulnerability". | |||||
| CVE-2025-11080 | 2025-09-29 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-11030 | 2025-09-29 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | |||||
| CVE-2025-59945 | 2025-09-29 | N/A | 8.1 HIGH | ||
| SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83. | |||||