Total
2844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44932 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. | |||||
| CVE-2022-37918 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-37917 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-37916 | 1 Arubanetworks | 1 Airwave | 2025-04-23 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2024-20036 | 2 Google, Mediatek | 11 Android, Mt6835, Mt6855 and 8 more | 2025-04-22 | N/A | 4.4 MEDIUM |
| In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508. | |||||
| CVE-2025-29705 | 1 Tanghc | 1 Code-gen | 2025-04-22 | N/A | 4.3 MEDIUM |
| code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects. | |||||
| CVE-2025-3665 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3664 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3674 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-25679 | 1 Qualcomm | 134 Aqt1000, Aqt1000 Firmware, Qca6390 and 131 more | 2025-04-22 | N/A | 6.2 MEDIUM |
| Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2024-8216 | 1 Nafisulbari | 1 Life Insurance Management System | 2025-04-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-57433 | 1 Macrozheng | 1 Mall-tiny | 2025-04-22 | N/A | 7.5 HIGH |
| macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state. | |||||
| CVE-2025-28233 | 2025-04-22 | N/A | 9.1 CRITICAL | ||
| Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack. | |||||
| CVE-2025-28231 | 2025-04-22 | N/A | 9.1 CRITICAL | ||
| Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges. | |||||
| CVE-2022-42811 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | N/A | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data. | |||||
| CVE-2024-12956 | 1 1000projects | 1 Portfolio Management System Mca | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The manipulation of the argument ach_certy leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12954 | 1 1000projects | 1 Portfolio Management System Mca | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_ach.php. The manipulation of the argument ach_certy leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12953 | 1 1000projects | 1 Portfolio Management System Mca | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /update_pd_process.php. The manipulation of the argument profile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12951 | 1 1000projects | 1 Portfolio Management System Mca | 2025-04-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /add_personal_details.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-42814 | 1 Apple | 1 Macos | 2025-04-22 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||