Total
376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2546 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-15 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-13030 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2359 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2360 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-07-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-7576 | 2025-07-15 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16 and classified as critical. Affected by this issue is some unknown functionality of the file /priv/production/production.html of the component Production Tools. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7552 | 2025-07-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler. The manipulation of the argument Request leads to improper access controls. The attack may be launched remotely. Upgrading to version 7.3.6 is able to address this issue. The patch is identified as 8d521bbf531de59b09b8629a9cbf667870ad2541. It is recommended to upgrade the affected component. | |||||
| CVE-2025-2550 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2551 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2552 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2553 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-48911 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.2 HIGH |
| Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6735 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6736 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27028 | 2025-07-10 | N/A | 6.8 MEDIUM | ||
| The Linux deprivileged user vpuserĀ in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash). | |||||
| CVE-2025-0139 | 2025-07-10 | N/A | N/A | ||
| An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root. | |||||
| CVE-2025-6702 | 1 Linlinjava | 1 Litemall | 2025-07-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7076 | 2025-07-08 | 4.8 MEDIUM | 5.4 MEDIUM | ||
| A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-49867 | 2025-07-08 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0. | |||||
| CVE-2025-23970 | 2025-07-08 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through 6.0. | |||||
| CVE-2025-42992 | 2025-07-08 | N/A | 6.9 MEDIUM | ||
| SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system. | |||||