Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44212 | 1 Gl-inet | 1 Goodcloud | 2025-04-24 | N/A | 5.9 MEDIUM |
| In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. | |||||
| CVE-2022-44211 | 1 Gl-inet | 1 Goodcloud | 2025-04-24 | N/A | 7.4 HIGH |
| In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. | |||||
| CVE-2024-30148 | 2025-04-24 | N/A | 4.1 MEDIUM | ||
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | |||||
| CVE-2025-3518 | 2025-04-24 | N/A | N/A | ||
| It technically possible for a user to upload a file to a conversation despite the file upload functionality being disabled. The file upload functionality can be enabled or disabled for specific use cases through configuration. In case the functionality is disabled for at least one use case, the system nevertheless allows files to be uploaded through direct API requests. During the upload file, interception and allowed file type rules are still applied correctly. If file sharing is generally enabled, this issue is not of concern. | |||||
| CVE-2023-36643 | 1 Itb-pim | 1 Tradepro | 2025-04-24 | N/A | 7.5 HIGH |
| Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. | |||||
| CVE-2023-36644 | 1 Itb-pim | 1 Tradepro | 2025-04-24 | N/A | 7.5 HIGH |
| Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin. | |||||
| CVE-2021-37183 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-04-23 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. | |||||
| CVE-2025-3783 | 1 Seniorwalter | 1 Web-based Pharmacy Product Management System | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-44932 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. | |||||
| CVE-2022-37918 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-37917 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-37916 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2025-43947 | 2025-04-23 | N/A | 7.3 HIGH | ||
| Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc. | |||||
| CVE-2025-28367 | 2025-04-23 | N/A | 6.5 MEDIUM | ||
| mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey. | |||||
| CVE-2024-20036 | 2 Google, Mediatek | 11 Android, Mt6835, Mt6855 and 8 more | 2025-04-22 | N/A | 4.4 MEDIUM |
| In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508. | |||||
| CVE-2025-29705 | 1 Tanghc | 1 Code-gen | 2025-04-22 | N/A | 4.3 MEDIUM |
| code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects. | |||||
| CVE-2025-3665 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3664 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3674 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-25679 | 1 Qualcomm | 134 Aqt1000, Aqt1000 Firmware, Qca6390 and 131 more | 2025-04-22 | N/A | 6.2 MEDIUM |
| Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||