Export limit exceeded: 356131 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8088 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-06-16 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | ||||
| CVE-2025-26846 | 1 Znuny | 1 Znuny | 2025-06-13 | 9.8 Critical |
| An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. | ||||
| CVE-2025-4327 | 1 Mrcms | 1 Mrcms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | ||||
| CVE-2025-28202 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | 8.8 High |
| Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. | ||||
| CVE-2025-41231 | 1 Vmware | 1 Cloud Foundation | 2025-06-12 | 7.3 High |
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | ||||
| CVE-2025-47887 | 1 Jenkins | 1 Cadence Vmanager | 2025-06-12 | 4.3 Medium |
| Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2023-6029 | 1 Spider-themes | 1 Eazydocs | 2025-06-11 | 7.5 High |
| The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections. | ||||
| CVE-2023-50944 | 1 Apache | 1 Airflow | 2025-06-11 | 6.5 Medium |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | ||||
| CVE-2025-5766 | 1 Code-projects | 1 Simple Laundry System | 2025-06-10 | 4.3 Medium |
| A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48009 | 1 Single Content Sync Project | 1 Single Content Sync | 2025-06-10 | 3.1 Low |
| Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12. | ||||
| CVE-2025-47709 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
| CVE-2023-47770 | 1 Muffingroup | 1 Betheme | 2025-06-09 | 7.6 High |
| Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1. | ||||
| CVE-2023-41953 | 2 Profilepress, Properfraction | 2 Profilepress, Profilepress | 2025-06-09 | 5.3 Medium |
| Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1. | ||||
| CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | 8.8 High |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | ||||
| CVE-2025-5521 | 1 5kcrm | 1 Wukongcrm | 2025-06-09 | 4.3 Medium |
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28159 | 1 Jenkins | 1 Subversion Partial Release Manager | 2025-06-06 | 4.3 Medium |
| A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. | ||||
| CVE-2022-45830 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | 6.5 Medium |
| Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. | ||||
| CVE-2025-1557 | 1 Ofcms Project | 1 Ofcms | 2025-06-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13243 | 1 Entity Delete Log Project | 1 Entity Delete Log | 2025-06-04 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | ||||
| CVE-2025-4887 | 1 Senior-walter | 1 Online Student Clearance System | 2025-06-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||