Total
4218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0661 | 1 Devolutions | 1 Devolutions Server | 2025-03-25 | 6.5 Medium |
| Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | ||||
| CVE-2024-27803 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | 2.4 Low |
| A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen. | ||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8.8 High |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | ||||
| CVE-2024-46430 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 6.5 Medium |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. | ||||
| CVE-2025-2216 | 1 Zzskzy | 1 Warehouse Refinement Management System | 2025-03-25 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2218 | 1 Lovecards | 1 Lovecards | 2025-03-25 | 5.3 Medium |
| A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2219 | 1 Lovecards | 1 Lovecards | 2025-03-25 | 7.3 High |
| A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-24300 | 1 4ipnet | 2 Eap-767, Eap-767 Firmware | 2025-03-25 | 9.8 Critical |
| 4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged. | ||||
| CVE-2024-21115 | 1 Oracle | 1 Vm Virtualbox | 2025-03-25 | 8.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2023-0744 | 1 Answer | 1 Answer | 2025-03-25 | 9.8 Critical |
| Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2022-30564 | 1 Dahuasecurity | 194 Ipc-hf5241f-ze, Ipc-hf5241f-ze Firmware, Ipc-hf5442f-ze and 191 more | 2025-03-25 | 5.3 Medium |
| Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. | ||||
| CVE-2023-21427 | 1 Samsung | 1 Android | 2025-03-24 | 5.4 Medium |
| Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. | ||||
| CVE-2023-24688 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | 5.3 Medium |
| An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. | ||||
| CVE-2023-21442 | 1 Samsung | 1 Android | 2025-03-24 | 4 Medium |
| Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. | ||||
| CVE-2023-21445 | 1 Samsung | 1 Android | 2025-03-24 | 5.5 Medium |
| Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. | ||||
| CVE-2023-21447 | 1 Samsung | 1 Cloud | 2025-03-24 | 4 Medium |
| Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. | ||||
| CVE-2023-21438 | 1 Samsung | 1 Android | 2025-03-24 | 2.1 Low |
| Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. | ||||
| CVE-2022-46676 | 1 Dell | 1 Wyse Management Suite | 2025-03-24 | 4.9 Medium |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. | ||||
| CVE-2022-46678 | 1 Dell | 1 Wyse Management Suite | 2025-03-24 | 4.9 Medium |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | ||||
| CVE-2022-46677 | 1 Dell | 1 Wyse Management Suite | 2025-03-24 | 6.8 Medium |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized. | ||||