Total
5560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53959 | 1 Jetbrains | 1 Youtrack | 2025-10-14 | N/A | 7.6 HIGH |
| In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible | |||||
| CVE-2024-6406 | 2025-10-14 | N/A | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data.This issue affects Mobile Library Application: before 5.0. | |||||
| CVE-2024-4428 | 1 Menulux | 1 Managment Portal | 2025-10-14 | N/A | 9.8 CRITICAL |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024. | |||||
| CVE-2024-4341 | 1 Extremepacs | 1 Extreme Xds | 2025-10-14 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928. | |||||
| CVE-2024-4259 | 1 Sambas | 1 Akos | 2025-10-14 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | |||||
| CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2025-10-14 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | |||||
| CVE-2024-1744 | 1 Accordors | 1 Accord Ors | 2025-10-14 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1. | |||||
| CVE-2024-1662 | 1 Porty | 1 Powerbank | 2025-10-14 | N/A | 7.5 HIGH |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02. | |||||
| CVE-2025-1084 | 1 Mindskip | 1 Xzs-mysql | 2025-10-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-40667 | 1 Tcman | 1 Gim | 2025-10-10 | N/A | 6.5 MEDIUM |
| Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302 Found’ to ‘200 OK’, as well as the hidden fields hdnReadOnly and hdnUserLogin. | |||||
| CVE-2025-6106 | 1 72crm | 1 Wukong Crm | 2025-10-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3561 | 1 Ghostxbh | 1 Uzy-ssm-mall | 2025-10-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-34146 | 1 Jenkins | 1 Git Server | 2025-10-10 | N/A | 6.5 MEDIUM |
| Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories. | |||||
| CVE-2024-52549 | 1 Jenkins | 1 Script Security | 2025-10-10 | N/A | 4.3 MEDIUM |
| Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. | |||||
| CVE-2024-44069 | 1 Pi-hole | 1 Pi-hole | 2025-10-10 | N/A | 7.5 HIGH |
| Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear. | |||||
| CVE-2017-6369 | 1 Firebirdsql | 1 Firebird | 2025-10-10 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | |||||
| CVE-2025-51308 | 1 Gatling | 1 Gatling | 2025-10-09 | N/A | 5.3 MEDIUM |
| In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks. | |||||
| CVE-2025-11439 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 11d97d78f2de2cb49f79baed6bde8b611ec1f384. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-11438 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is beb153ce52dceb971c1518f98333328c95f1ba20. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2025-11442 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor has stated that API calls require authentication through Authorization Bearer Tokens, so classic CSRF attacks do not apply here. An attacker would need to possess the JWT through means such as XSS which were mitigated, disabling any form of initial access. | |||||