Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 32075 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51751 2 Microsoft, Scalefusion 2 Windows, Scalefusion 2025-06-16 N/A 6.8 MEDIUM
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
CVE-2023-48133 1 Linecorp 1 Line 2025-06-16 N/A 5.4 MEDIUM
An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-43994 1 Linecorp 1 Line 2025-06-16 N/A 5.4 MEDIUM
An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-42941 1 Apple 2 Ipados, Iphone Os 2025-06-16 N/A 4.8 MEDIUM
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.
CVE-2023-42888 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-06-16 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in disclosure of process memory.
CVE-2023-42830 1 Apple 3 Ipados, Iphone Os, Macos 2025-06-16 N/A 3.3 LOW
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
CVE-2023-42829 1 Apple 1 Macos 2025-06-16 N/A 5.5 MEDIUM
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
CVE-2024-25675 1 Misp 1 Misp 2025-06-16 N/A 9.8 CRITICAL
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
CVE-2023-5485 2 Debian, Google 2 Debian Linux, Chrome 2025-06-16 N/A 4.3 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-4822 1 Grafana 1 Grafana 2025-06-16 N/A 6.7 MEDIUM
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CVE-2023-43989 1 Linecorp 1 Line 2025-06-16 N/A 5.4 MEDIUM
An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2025-5428 1 Juzaweb 1 Cms 2025-06-16 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-45561 1 Linecorp 1 Line 2025-06-13 N/A 5.3 MEDIUM
An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
CVE-2024-48900 1 Moodle 1 Moodle 2025-06-13 N/A 4.3 MEDIUM
A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
CVE-2024-46213 1 Redaxo 1 Redaxo 2025-06-13 N/A 7.2 HIGH
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.
CVE-2024-31759 1 Publiccms 1 Publiccms 2025-06-12 N/A 8.8 HIGH
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.
CVE-2025-4190 1 Aleapp 1 Csv Mass Importer 2025-06-12 N/A 7.2 HIGH
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
CVE-2025-48187 1 Infiniflow 1 Ragflow 2025-06-12 N/A 9.1 CRITICAL
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
CVE-2023-39323 2 Fedoraproject, Golang 2 Fedora, Go 2025-06-12 N/A 8.1 HIGH
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
CVE-2023-45163 1 1e 1 Platform 2025-06-12 N/A 9.9 CRITICAL
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI