Export limit exceeded: 11537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10601 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26531 | 1 Moodle | 1 Moodle | 2025-08-07 | 3.1 Low |
| Insufficient capability checks made it possible to disable badges a user does not have permission to access. | ||||
| CVE-2025-26532 | 1 Moodle | 1 Moodle | 2025-08-06 | 3.1 Low |
| Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored. | ||||
| CVE-2025-0781 | 2 Debian, Flightgear | 2 Debian Linux, Simgear | 2025-08-06 | 8.6 High |
| An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. | ||||
| CVE-2024-3976 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users. | ||||
| CVE-2024-1539 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. | ||||
| CVE-2025-0516 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.3 Medium |
| Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data. | ||||
| CVE-2024-7296 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 2.7 Low |
| An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users. | ||||
| CVE-2025-2045 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.3 Medium |
| Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data. | ||||
| CVE-2025-1540 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances." | ||||
| CVE-2024-23823 | 1 Vantage6 | 1 Vantage6 | 2025-08-06 | 4.2 Medium |
| vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-8335 | 1 Code-projects | 1 Simple Car Rental System | 2025-08-05 | 4.3 Medium |
| A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8434 | 2 Anisha, Code Projects | 2 Online Movie Streaming, Online Movie Streaming | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8435 | 2 Anisha, Code-projects | 2 Online Movie Streaming, Online Movie Streaming | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-12431 | 1 Gitlab | 1 Gitlab | 2025-08-05 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. | ||||
| CVE-2024-29240 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-08-04 | 4.3 Medium |
| Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors. | ||||
| CVE-2025-53113 | 1 Glpi-project | 1 Glpi | 2025-08-04 | 2.7 Low |
| GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links feature to fetch information on items they do not have the right to see. This is fixed in version 10.0.19. | ||||
| CVE-2025-53112 | 1 Glpi-project | 1 Glpi | 2025-08-04 | 4.3 Medium |
| GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.19. | ||||
| CVE-2025-53111 | 1 Glpi-project | 1 Glpi | 2025-08-04 | 6.5 Medium |
| GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19. | ||||
| CVE-2025-6993 | 1 Rustaurius | 1 Ultimate Wp Mail | 2025-08-02 | 7.5 High |
| The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the ‘edit_posts’ capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin’s reset link and elevate their privileges to administrator. | ||||
| CVE-2025-43862 | 1 Langgenius | 1 Dify | 2025-08-01 | 7.6 High |
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs. | ||||