Total
164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53073 | 2025-06-26 | N/A | 4.2 MEDIUM | ||
| In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's team. A seven-digit issue ID must be known (it is not treated as a secret and might be mentioned publicly, or it could be predicted). | |||||
| CVE-2025-41404 | 2025-06-26 | N/A | 4.3 MEDIUM | ||
| Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product. | |||||
| CVE-2025-6352 | 1 Code-projects | 1 Automated Voting System | 2025-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52920 | 2025-06-23 | N/A | 6.4 MEDIUM | ||
| Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in disclosure of the PII of other customers and the deletion of their reviews of products on the website. To be specific, an attacker could view the order details of any order by browsing to /en/account/orders/_ORDER_ID_ or use the address and billing information of other customers by manipulating the shipping_address_id and billing_address_id parameters when making an order (this information is then reflected in the receipt). Additionally, an attacker could delete the reviews of other users by sending a DELETE request to /en/account/reviews/_REVIEW_ID. | |||||
| CVE-2025-47226 | 1 Snipeitapp | 1 Snipe-it | 2025-06-03 | N/A | 5.0 MEDIUM |
| Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. | |||||
| CVE-2025-48201 | 2025-05-21 | N/A | 8.6 HIGH | ||
| The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. | |||||
| CVE-2025-48202 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference. | |||||
| CVE-2025-48207 | 2025-05-21 | N/A | 8.6 HIGH | ||
| The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference. | |||||
| CVE-2025-48205 | 2025-05-21 | N/A | 8.6 HIGH | ||
| The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. | |||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2025-05-21 | N/A | 8.0 HIGH |
| Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | |||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | N/A | 8.8 HIGH |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | |||||
| CVE-2022-40845 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2025-05-13 | N/A | 6.5 MEDIUM |
| The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have. | |||||
| CVE-2025-46690 | 1 Ververica | 1 Ververica Platform | 2025-05-12 | N/A | 5.0 MEDIUM |
| Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request. | |||||
| CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 6.5 MEDIUM |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | |||||
| CVE-2022-28365 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | |||||
| CVE-2025-27581 | 2025-04-29 | N/A | 4.3 MEDIUM | ||
| NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints. | |||||
| CVE-2022-45276 | 1 Eyunjing | 1 Yjcms | 2025-04-25 | N/A | 9.8 CRITICAL |
| An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | |||||
| CVE-2023-45596 | 1 Ailux | 1 Imx6 | 2025-04-23 | N/A | 5.3 MEDIUM |
| A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | |||||
| CVE-2025-2595 | 2025-04-23 | N/A | 5.3 MEDIUM | ||
| An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. | |||||
| CVE-2024-7080 | 1 Munyweki | 1 Insurance Management System | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability. | |||||