Total
29430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | N/A | 4.3 MEDIUM |
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | |||||
CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | N/A | 6.5 MEDIUM |
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | |||||
CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | N/A | 4.3 MEDIUM |
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | |||||
CVE-2022-36443 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | N/A | 7.8 HIGH |
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | |||||
CVE-2021-38617 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 6.5 MEDIUM | 8.8 HIGH |
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation. | |||||
CVE-2021-38616 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 6.5 MEDIUM | 7.6 HIGH |
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more. | |||||
CVE-2021-38615 | 1 Eigentech | 1 Natural Language Processing | 2025-05-30 | 5.5 MEDIUM | 6.3 MEDIUM |
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint allows any logged-in user (guest, standard, or admin) to view and modify information. | |||||
CVE-2023-47352 | 1 Technicolor | 2 Tc8715d, Tc8715d Firmware | 2025-05-30 | N/A | 8.8 HIGH |
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. | |||||
CVE-2023-47035 | 1 Etherscan | 1 Reptilian Coin | 2025-05-30 | N/A | 7.5 HIGH |
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. | |||||
CVE-2023-47033 | 1 Multisigwallet Project | 1 Multisigwallet | 2025-05-30 | N/A | 7.5 HIGH |
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. | |||||
CVE-2025-33137 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-05-30 | N/A | 7.1 HIGH |
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security. | |||||
CVE-2020-15187 | 1 Helm | 1 Helm | 2025-05-29 | 6.5 MEDIUM | 3.0 LOW |
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform this attack, an attacker must have write access to the git repository or plugin archive (.tgz) while being downloaded (which can occur during a MITM attack on a non-SSL connection). This issue has been patched in Helm 2.16.11 and Helm 3.3.2. As a possible workaround make sure to install plugins using a secure connection protocol like SSL. | |||||
CVE-2025-32158 | 1 Athemes | 1 Athemes Addons For Elementor | 2025-05-29 | N/A | 7.5 HIGH |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15. | |||||
CVE-2025-46674 | 1 Nasa | 1 Cryptolib | 2025-05-29 | N/A | 3.5 LOW |
NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. | |||||
CVE-2025-1909 | 1 Buddyboss | 1 Buddyboss Platform | 2025-05-28 | N/A | 9.8 CRITICAL |
The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |||||
CVE-2023-49246 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-28 | N/A | 7.5 HIGH |
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-45210 | 1 Pleasanter | 1 Pleasanter | 2025-05-28 | N/A | 4.3 MEDIUM |
Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. | |||||
CVE-2025-46566 | 1 Dataease | 1 Dataease | 2025-05-28 | N/A | 9.8 CRITICAL |
DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9. | |||||
CVE-2022-41235 | 1 Jenkins | 1 Wildfly Deployer | 2025-05-28 | N/A | 5.3 MEDIUM |
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | |||||
CVE-2025-3236 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-05-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |