Total
3634 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-3279 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-10 | N/A | 9.1 CRITICAL |
An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation. | |||||
CVE-2024-44860 | 1 Solvait | 1 Solvait | 2025-07-10 | N/A | 7.5 HIGH |
An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request. | |||||
CVE-2024-46097 | 1 Testlink | 1 Testlink | 2025-07-10 | N/A | 8.1 HIGH |
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges. | |||||
CVE-2025-29804 | 1 Microsoft | 1 Visual Studio 2022 | 2025-07-10 | N/A | 7.3 HIGH |
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-29810 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.5 HIGH |
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
CVE-2025-32722 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-10 | N/A | 5.5 MEDIUM |
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | |||||
CVE-2025-32714 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.8 HIGH |
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-44525 | | | 2025-07-10 | N/A | 6.5 MEDIUM |
Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet. | |||||
CVE-2024-52928 | 2 Microsoft, Thebrowser | 2 Windows, Arc | 2025-07-10 | N/A | 9.6 CRITICAL |
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website. | |||||
CVE-2025-6843 | 1 Fabian | 1 Simple Photo Gallery | 2025-07-10 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-28229 | 1 Orban | 2 Optimod 5950, Optimod 5950 Firmware | 2025-07-09 | N/A | 9.8 CRITICAL |
Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges. | |||||
CVE-2025-28232 | 1 Jmbroadcast | 2 Jmb0150, Jmb0150 Firmware | 2025-07-09 | N/A | 9.1 CRITICAL |
Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication. | |||||
CVE-2019-16640 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-07-09 | N/A | 7.5 HIGH |
An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1. | |||||
CVE-2025-47962 | 1 Microsoft | 1 Windows Software Development Kit | 2025-07-09 | N/A | 7.8 HIGH |
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-3040 | 1 Projectworlds | 1 Online Time Table Generator | 2025-07-09 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3041 | 1 Projectworlds | 1 Online Time Table Generator | 2025-07-09 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3042 | 1 Projectworlds | 1 Online Time Table Generator | 2025-07-09 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-26678 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-09 | N/A | 8.4 HIGH |
Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | |||||
CVE-2025-27744 | 1 Microsoft | 1 Office | 2025-07-09 | N/A | 7.8 HIGH |
Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-29448 | 1 Easyappointments | 1 Easy!appointments | 2025-07-09 | N/A | 7.5 HIGH |
Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability. |