Total
2291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27602 | 1 Umbraco | 1 Umbraco Cms | 2025-07-12 | 4.9 Medium |
| Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. No known workarounds are available. | ||||
| CVE-2025-2424 | 1 Mattermost | 1 Mattermost | 2025-07-12 | 3.1 Low |
| Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation. | ||||
| CVE-2025-2527 | 1 Mattermost | 1 Mattermost | 2025-07-12 | 4.3 Medium |
| Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request. | ||||
| CVE-2025-30074 | 1 Parallels | 1 Parallels Desktop | 2025-07-12 | 7.8 High |
| Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. | ||||
| CVE-2025-30155 | 1 Enalean | 1 Tuleap | 2025-07-12 | 4.3 Medium |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8. | ||||
| CVE-2025-30163 | 1 Cilium | 1 Cilium | 2025-07-12 | 3.4 Low |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints. | ||||
| CVE-2025-30171 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-12 | 9 Critical |
| System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||||
| CVE-2025-30741 | 1 Pixelfed | 1 Pixelfed | 2025-07-12 | 4.3 Medium |
| Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhere in the Fediverse, if they otherwise have any followers from a Pixelfed instance. | ||||
| CVE-2025-31481 | 1 Api-platform | 1 Core | 2025-07-12 | 7.5 High |
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Using the Relay special node type you can bypass the configured security on an operation. This vulnerability is fixed in 4.0.22 and 3.4.17. | ||||
| CVE-2024-10109 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-11 | N/A |
| A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats. | ||||
| CVE-2024-8116 | 1 Gitlab | 1 Gitlab | 2025-07-11 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names. | ||||
| CVE-2024-8650 | 1 Gitlab | 1 Gitlab | 2025-07-11 | 5.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests. | ||||
| CVE-2024-10043 | 1 Gitlab | 1 Gitlab | 2025-07-11 | 3.1 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | ||||
| CVE-2025-3880 | 1 Opinionstage | 1 Poll\, Survey \& Quiz Maker | 2025-07-11 | 4.3 Medium |
| The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected. | ||||
| CVE-2025-48473 | 1 Freescout | 1 Freescout | 2025-07-11 | 4.3 Medium |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other mailboxes or from other conversations to which they do not have access (access restriction to conversations is implemented by the show_only_assigned_conversations setting, which is also not checked). This issue has been patched in version 1.8.179. | ||||
| CVE-2025-36578 | 1 Dell | 1 Wyse Management Suite | 2025-07-11 | 6.8 Medium |
| Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | ||||
| CVE-2024-29821 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-10 | N/A |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | ||||
| CVE-2024-29213 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-10 | N/A |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | ||||
| CVE-2023-24932 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | 6.7 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-6702 | 1 Linlinjava | 1 Litemall | 2025-07-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||