Export limit exceeded: 10809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-06-16 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | ||||
| CVE-2025-48445 | 1 Commerce Eurobank \(redirect\) Project | 1 Commerce Eurobank \(redirect\) | 2025-06-16 | 8.8 High |
| Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1. | ||||
| CVE-2025-48446 | 1 Commerce Alphabank Redirect Project | 1 Commerce Alphabank Redirect | 2025-06-16 | 8.8 High |
| Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3. | ||||
| CVE-2025-26846 | 1 Znuny | 1 Znuny | 2025-06-13 | 9.8 Critical |
| An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. | ||||
| CVE-2025-4327 | 1 Mrcms | 1 Mrcms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | ||||
| CVE-2025-26842 | 1 Znuny | 1 Znuny | 2025-06-12 | 7.5 High |
| An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog. | ||||
| CVE-2025-28202 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | 8.8 High |
| Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. | ||||
| CVE-2025-41231 | 1 Vmware | 1 Cloud Foundation | 2025-06-12 | 7.3 High |
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | ||||
| CVE-2023-41077 | 1 Apple | 1 Macos | 2025-06-12 | 5.5 Medium |
| An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks. | ||||
| CVE-2025-47887 | 1 Jenkins | 1 Cadence Vmanager | 2025-06-12 | 4.3 Medium |
| Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2023-6029 | 1 Spider-themes | 1 Eazydocs | 2025-06-11 | 7.5 High |
| The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections. | ||||
| CVE-2023-52111 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-11 | 7.5 High |
| Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2023-50944 | 1 Apache | 1 Airflow | 2025-06-11 | 6.5 Medium |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | ||||
| CVE-2023-35836 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-11 | 6.5 Medium |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | ||||
| CVE-2022-0775 | 1 Woocommerce | 1 Woocommerce | 2025-06-11 | 4.3 Medium |
| The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | ||||
| CVE-2023-31403 | 1 Sap | 1 Business One | 2025-06-11 | 9.6 Critical |
| SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability. | ||||
| CVE-2025-5766 | 1 Code-projects | 1 Simple Laundry System | 2025-06-10 | 4.3 Medium |
| A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-51761 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | 8.3 High |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | ||||
| CVE-2023-43609 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | 6.9 Medium |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | ||||
| CVE-2025-48009 | 1 Single Content Sync Project | 1 Single Content Sync | 2025-06-10 | 3.1 Low |
| Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12. | ||||