Total
2317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47148 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 4.0 MEDIUM |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2024-47157 | 1 Honor | 1 Magicos | 2025-06-05 | N/A | 2.9 LOW |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | |||||
| CVE-2025-29827 | 1 Microsoft | 1 Azure Automation | 2025-06-05 | N/A | 9.9 CRITICAL |
| Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2023-6837 | 1 Wso2 | 5 Api Manager, Carbon Identity Application Authentication Endpoint, Carbon Identity Application Authentication Framework and 2 more | 2025-06-05 | N/A | 8.5 HIGH |
| Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. | |||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2025-06-04 | 2.1 LOW | 6.3 MEDIUM |
| Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2025-48881 | 2025-06-04 | N/A | 8.3 HIGH | ||
| Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. This issue has been patched in version 12.13.0.RELEASE. A workaround for this issue involves overriding the endpoint security as defined in ObjectenApiHttpSecurityConfigurer and ObjectManagementHttpSecurityConfigurer. Depending on the implementation, this could result in loss of functionality. | |||||
| CVE-2024-13253 | 1 Advanced Pwa Inc Push Notifications Project | 1 Advanced Pwa Inc Push Notifications | 2025-06-04 | N/A | 9.1 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | |||||
| CVE-2025-25251 | 1 Fortinet | 1 Forticlient | 2025-06-04 | N/A | 7.8 HIGH |
| An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | |||||
| CVE-2024-13258 | 1 Rest \& Json Api Authentication Project | 1 Rest \& Json Api Authentication | 2025-06-04 | N/A | 9.8 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | |||||
| CVE-2024-13257 | 1 Commerce View Receipt Project | 1 Commerce View Receipt | 2025-06-04 | N/A | 5.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | |||||
| CVE-2025-25026 | 1 Ibm | 1 Security Guardium | 2025-06-04 | N/A | 4.3 MEDIUM |
| IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | |||||
| CVE-2025-3260 | 2025-06-02 | N/A | 8.3 HIGH | ||
| A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources. | |||||
| CVE-2025-3475 | 1 Europa | 1 Web-t | 2025-06-02 | N/A | 6.5 MEDIUM |
| Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0. | |||||
| CVE-2025-31673 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 4.6 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | |||||
| CVE-2023-50726 | 1 Argoproj | 1 Argo Cd | 2025-06-02 | N/A | 6.4 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version. | |||||
| CVE-2022-26767 | 1 Apple | 1 Macos | 2025-05-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2023-26097 | 1 Telindus | 1 Apsal | 2025-05-30 | N/A | 8.4 HIGH |
| An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | |||||
| CVE-2018-10212 | 1 Vaultize | 1 Enterprise File Sharing | 2025-05-30 | 5.5 MEDIUM | 5.4 MEDIUM |
| An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value. | |||||
| CVE-2025-1110 | 1 Gitlab | 1 Gitlab | 2025-05-29 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | |||||
| CVE-2024-22938 | 1 Bosscms | 1 Bosscms | 2025-05-29 | N/A | 7.8 HIGH |
| Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. | |||||