Total: 3567 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-32904 | 1 Apple | 1 Macos | 2025-05-06 | 5.5 Medium |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. | ||||
CVE-2025-4051 | | | 2025-05-06 | 6.3 Medium |
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | 5.5 Medium |
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | ||||
CVE-2024-20325 | 1 Cisco | 1 Unified Intelligence Center | 2025-05-06 | 5.1 Medium |
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | ||||
CVE-2025-25962 | | | 2025-05-06 | 9.8 Critical |
An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function. | ||||
CVE-2024-48905 | | | 2025-05-06 | 9.1 Critical |
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. | ||||
CVE-2025-45613 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45612 | | | 2025-05-06 | 9.8 Critical |
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. | ||||
CVE-2025-45611 | | | 2025-05-06 | 9.8 Critical |
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. | ||||
CVE-2025-45610 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45609 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45608 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45618 | | | 2025-05-06 | 6.5 Medium |
Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45617 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45616 | | | 2025-05-06 | 9.8 Critical |
Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. | ||||
CVE-2025-45615 | | | 2025-05-06 | 9.8 Critical |
Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. | ||||
CVE-2025-45614 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. | ||||
CVE-2025-45237 | | | 2025-05-06 | 7.5 High |
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password. | ||||
CVE-2025-4258 | | | 2025-05-05 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4259 | | | 2025-05-05 | 6.3 Medium |
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. |