Export limit exceeded: 11253 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11253 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44289 | 1 Dell | 1 Command\|configure | 2025-06-05 | 7.3 High |
| Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | ||||
| CVE-2025-48999 | 1 Dataease | 1 Dataease | 2025-06-05 | 8.8 High |
| DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue. | ||||
| CVE-2025-49001 | 1 Dataease | 1 Dataease | 2025-06-05 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | ||||
| CVE-2023-41264 | 1 Netwrix | 1 Usercube | 2025-06-05 | 9.8 Critical |
| Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints). | ||||
| CVE-2024-29296 | 1 Portainer | 1 Portainer | 2025-06-05 | 5.3 Medium |
| A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | ||||
| CVE-2023-42576 | 1 Samsung | 1 Pass | 2025-06-05 | 5.4 Medium |
| Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. | ||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2025-06-04 | 6.3 Medium |
| Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||||
| CVE-2020-16239 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2025-06-04 | 4.9 Medium |
| When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct. | ||||
| CVE-2020-14477 | 1 Philips | 16 Affiniti 50, Affiniti 50 Firmware, Affiniti 70 and 13 more | 2025-06-04 | 3.6 Low |
| In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. | ||||
| CVE-2024-27187 | 1 Joomla | 1 Joomla\! | 2025-06-04 | 7.5 High |
| Improper Access Controls allows backend users to overwrite their username when disallowed. | ||||
| CVE-2024-40749 | 1 Joomla | 1 Joomla\! | 2025-06-04 | 7.5 High |
| Improper Access Controls allows access to protected views. | ||||
| CVE-2025-25227 | 1 Joomla | 1 Joomla\! | 2025-06-04 | 7.5 High |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2025-27703 | 1 Absolute | 1 Secure Access | 2025-06-04 | 6.0 Medium |
| CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. | ||||
| CVE-2024-11000 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 4.7 Medium |
| A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10999 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 4.7 Medium |
| A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48905 | 1 Sematell | 1 Replyone | 2025-06-04 | 9.1 Critical |
| Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. | ||||
| CVE-2024-13241 | 1 Getopensocial | 1 Open Social | 2025-06-04 | 9.1 Critical |
| Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. | ||||
| CVE-2024-13240 | 1 Getopensocial | 1 Open Social | 2025-06-04 | 7.5 High |
| Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. | ||||
| CVE-2025-40581 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | 7.1 High |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. | ||||
| CVE-2024-13249 | 1 Node Access Rebuild Progressive Project | 1 Node Access Rebuild Progressive | 2025-06-04 | 5.4 Medium |
| Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | ||||