Total
431 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4136 | 2025-05-02 | 5.5 MEDIUM | 5.4 MEDIUM | ||
| A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2470 | 2025-04-29 | N/A | 9.8 CRITICAL | ||
| The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability. | |||||
| CVE-2025-2850 | 2025-04-29 | 2.7 LOW | 3.5 LOW | ||
| A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been rated as problematic. This issue affects some unknown processing of the component Download Interface. The manipulation leads to improper authorization. It is recommended to upgrade the affected component. | |||||
| CVE-2025-4017 | 2025-04-29 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4016 | 2025-04-29 | 5.5 MEDIUM | 5.4 MEDIUM | ||
| A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3665 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3664 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3674 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-25767 | 1 Mrcms | 1 Mrcms | 2025-04-22 | N/A | 4.8 MEDIUM |
| A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request. | |||||
| CVE-2022-42825 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-3790 | 2025-04-21 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-12711 | 1 Advantech | 1 Webaccess | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | |||||
| CVE-2025-39542 | 2025-04-17 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0. | |||||
| CVE-2025-32648 | 2025-04-17 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16. | |||||
| CVE-2022-1746 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 7.6 HIGH |
| The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment. | |||||
| CVE-2025-3569 | 2025-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3564 | 2025-04-15 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. This affects an unknown part of the component Teacher String Handler. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3550 | 2025-04-15 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3567 | 2025-04-15 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2954 | 1 Mannaandpoem | 1 Openmanus | 2025-04-15 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||