Total: 3294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8999 | 1 Lunary | 1 Lunary | 2025-04-10 | N/A | 7.5 HIGH |
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26. | |||||
CVE-2024-37567 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.1 CRITICAL |
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | |||||
CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | |||||
CVE-2024-9098 | 1 Lunary | 1 Lunary | 2025-04-10 | N/A | 6.1 MEDIUM |
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from inviting users with billing roles. As a result, admins can circumvent the intended access control, posing a risk to the organization's financial resources. | |||||
CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | N/A | 5.3 MEDIUM |
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | |||||
CVE-2025-2973 | 1 Code-projects | 1 College Management System | 2025-04-10 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-24486 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 9.1 CRITICAL |
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. | |||||
CVE-2024-24487 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 6.8 MEDIUM |
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. | |||||
CVE-2024-24485 | 1 Silextechnology | 2 Ds-600, Ds-600 Firmware | 2025-04-10 | N/A | 7.5 HIGH |
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. | |||||
CVE-2025-21197 | | | 2025-04-09 | N/A | 6.5 MEDIUM |
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | |||||
CVE-2025-27744 | | | 2025-04-09 | N/A | 7.8 HIGH |
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-27738 | | | 2025-04-09 | N/A | 6.5 MEDIUM |
Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | |||||
CVE-2025-29810 | | | 2025-04-09 | N/A | 7.5 HIGH |
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
CVE-2025-29804 | | | 2025-04-09 | N/A | 7.3 HIGH |
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-26678 | | | 2025-04-09 | N/A | 8.4 HIGH |
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | |||||
CVE-2025-27190 | | | 2025-04-09 | N/A | 5.3 MEDIUM |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-27191 | | | 2025-04-09 | N/A | 5.3 MEDIUM |
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-30281 | | | 2025-04-09 | N/A | 9.1 CRITICAL |
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId. | |||||
CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter.