Total
220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47226 | 1 Snipeitapp | 1 Snipe-it | 2025-06-03 | N/A | 5.0 MEDIUM |
| Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | |||||
| CVE-2025-48201 | 2025-05-21 | N/A | 8.6 HIGH | ||
| The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. | |||||
| CVE-2025-48207 | 2025-05-21 | N/A | 8.6 HIGH | ||
| The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. | |||||
| CVE-2025-48205 | 2025-05-21 | N/A | 8.6 HIGH | ||
| The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. | |||||
| CVE-2025-48202 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. | |||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | N/A | 8.0 HIGH |
| Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | |||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | N/A | 8.8 HIGH |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | |||||
| CVE-2025-46690 | 1 Ververica | 1 Ververica Platform | 2025-05-12 | N/A | 5.0 MEDIUM |
| Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request. | |||||
| CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 6.5 MEDIUM |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | |||||
| CVE-2022-28365 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | |||||
| CVE-2025-27581 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. | |||||
| CVE-2022-45276 | 1 Eyunjing | 1 Yjcms | 2025-04-25 | N/A | 9.8 CRITICAL |
| An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | |||||
| CVE-2023-45596 | 1 Ailux | 1 Imx6 | 2025-04-23 | N/A | 5.3 MEDIUM |
| A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | |||||
| CVE-2025-2595 | 2025-04-23 | N/A | 5.3 MEDIUM | ||
| An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. | |||||
| CVE-2024-7080 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability. | |||||
| CVE-2017-15235 | 1 Horde | 1 Groupware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | |||||
| CVE-2017-14244 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | |||||
| CVE-2017-2143 | 1 Frogman Office Inc | 2 Cs-cart Japanese Edition, Cs-cart Multivendor Japanese Edition | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php. | |||||
| CVE-2017-2139 | 1 Frogman Office Inc | 1 Cs-cart | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | |||||
| CVE-2017-10833 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | |||||