Export limit exceeded: 11585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348772 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10645 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10043 | 1 Gitlab | 1 Gitlab | 2025-07-11 | 3.1 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | ||||
| CVE-2025-48473 | 1 Freescout | 1 Freescout | 2025-07-11 | 4.3 Medium |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other mailboxes or from other conversations to which they do not have access (access restriction to conversations is implemented by the show_only_assigned_conversations setting, which is also not checked). This issue has been patched in version 1.8.179. | ||||
| CVE-2025-36578 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 6.8 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2018-9382 | 1 Google | 1 Android | 2025-07-10 | 7.8 High |
| In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29821 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-10 | N/A |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | ||||
| CVE-2024-29213 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-10 | N/A |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | ||||
| CVE-2023-24932 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | 6.7 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-48916 | 1 Joshfabean | 1 Bookable Calendar | 2025-07-10 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. | ||||
| CVE-2025-6702 | 1 Linlinjava | 1 Litemall | 2025-07-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7133 | 1 Codeastro | 1 Online Movie Ticket Booking System | 2025-07-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48466 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | 8.1 High |
| Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks. | ||||
| CVE-2024-57969 | 1 Misp | 1 Misp | 2025-07-09 | 4.3 Medium |
| app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. | ||||
| CVE-2025-4128 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 3.1 Low |
| Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}. | ||||
| CVE-2024-55965 | 1 Appsmith | 1 Appsmith | 2025-07-08 | 6.5 Medium |
| An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys. | ||||
| CVE-2025-3611 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 3.1 Low |
| Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with 'No access' to Teams in the System Console. | ||||
| CVE-2024-38179 | 1 Microsoft | 1 Azure Stack Hci | 2025-07-08 | 8.8 High |
| Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | ||||
| CVE-2024-38190 | 1 Microsoft | 1 Power Platform | 2025-07-08 | 8.6 High |
| Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | ||||
| CVE-2022-30203 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-07-08 | 7.4 High |
| Windows Boot Manager Security Feature Bypass Vulnerability | ||||
| CVE-2025-3227 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 4.3 Medium |
| Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel. | ||||
| CVE-2025-3228 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-07-08 | 4.3 Medium |
| Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run. | ||||