Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4374 | 1 Redhat | 1 Quay | 2025-07-31 | N/A | 6.5 MEDIUM |
| A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository. | |||||
| CVE-2025-8261 | 1 Vaelsys | 1 Vaelsys | 2025-07-31 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Vaelsys 4.1.0 and classified as critical. This issue affects some unknown processing of the file /grid/vgrid_server.php of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8181 | 2025-07-26 | N/A | 7.2 HIGH | ||
| A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely. | |||||
| CVE-2021-1303 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages. | |||||
| CVE-2024-40591 | 1 Fortinet | 1 Fortios | 2025-07-17 | N/A | 7.2 HIGH |
| An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control. | |||||
| CVE-2025-2653 | 1 Qianfox | 1 Foxcms | 2025-07-16 | N/A | 4.3 MEDIUM |
| A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52836 | 2025-07-16 | N/A | N/A | ||
| Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3. | |||||
| CVE-2024-12901 | 1 Qianfox | 1 Foxcms | 2025-07-15 | N/A | N/A |
| A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2549 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-15 | N/A | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2547 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-15 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. This issue affects some unknown processing of the file /goform/formAdvNetwork. The manipulation leads to improper access controls. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2548 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-15 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2546 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-15 | N/A | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Service. The manipulation leads to improper access controls. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-13030 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-07-15 | N/A | 9.8 CRITICAL |
| A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2359 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-07-15 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2360 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2025-07-15 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2550 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | N/A | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2553 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | N/A | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation leads to improper access controls. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2551 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | N/A | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to improper access controls. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-2552 | 1 Dlink | 4 Dir-605l, Dir-605l Firmware, Dir-618 and 1 more | 2025-07-14 | N/A | 4.3 MEDIUM |
| A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6735 | 1 Juzaweb | 1 Cms | 2025-07-11 | N/A | 8.8 HIGH |
| A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||