Total: 1465 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-3041 | 1 Projectworlds | 1 Online Time Table Generator | 2025-07-09 | N/A | 9.8 CRITICAL | A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3042 | 1 Projectworlds | 1 Online Time Table Generator | 2025-07-09 | N/A | 9.8 CRITICAL | A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-27744 | 1 Microsoft | 1 Office | 2025-07-09 | N/A | 7.8 HIGH | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-7175 | 1 Fabianros | 1 E-commerce Site | 2025-07-08 | N/A | 7.2 HIGH | A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7124 | 1 Anisha | 1 Online Note Sharing | 2025-07-08 | N/A | 8.8 HIGH | A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0. Affected is an unknown function of the file /dashboard/userprofile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-32726 | 1 Microsoft | 1 Visual Studio Code | 2025-07-08 | N/A | 6.8 MEDIUM | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-23365 | | | 2025-07-08 | N/A | 7.8 HIGH | A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and execute arbitrary code.
CVE-2025-6161 | 1 Fabianros | 1 Simple Food Ordering System | 2025-07-07 | N/A | 9.8 CRITICAL | A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-24076 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-07 | N/A | 7.3 HIGH | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2025-6786 | | | 2025-07-04 | N/A | 5.3 MEDIUM | The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to the plugin redirecting a user to login on a password-protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.
CVE-2024-35122 | 1 Ibm | 1 I | 2025-07-03 | N/A | 2.8 LOW | IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
CVE-2025-24994 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-07-03 | N/A | 7.3 HIGH | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
CVE-2024-7476 | 1 Lunary | 1 Lunary | 2025-07-02 | N/A | N/A | A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
CVE-2024-11137 | 1 Lunary | 1 Lunary | 2025-07-02 | N/A | N/A | An Insecure Direct Object Reference (IDOR) vulnerability exists in the `PATCH /v1/runs/:id/score` endpoint of lunary-ai/lunary version 1.6.0. This vulnerability allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the `runId_score` in the database. The endpoint does not sufficiently validate whether the authenticated user has permission to modify the specified runId, enabling an attacker with a valid account to modify other users' runId scores by specifying different id values. This issue was fixed in version 1.6.1.
CVE-2024-10330 | 1 Lunary | 1 Lunary | 2025-07-02 | N/A | N/A | In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data.
CVE-2024-10275 | 1 Lunary | 1 Lunary | 2025-07-02 | N/A | N/A | In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manage billing, effectively bypassing the intended role-based access control. Only users with the 'owner' role should be allowed to invite members with billing permissions. This flaw allows admins to circumvent those restrictions, gaining unauthorized access and control over billing information, posing a risk to the organization’s financial resources.
CVE-2025-2955 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2025-07-02 | N/A | 5.3 MEDIUM | A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2688 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2025-07-02 | N/A | 4.3 MEDIUM | A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
CVE-2025-24042 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | N/A | 7.3 HIGH | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
CVE-2025-27153 | | | 2025-07-01 | N/A | N/A | Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.
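Five entries in the table (CVE-2025-3041, CVE-2025-3042, CVE-2025-7175, CVE-2025-7124 and CVE-2025-6161) share one bug class: a file taken from a `pic`, `photo` or `image` form field is written to disk under the name the client supplied. The following is an added example, not code from Project Worlds, code-projects or SourceCodester, showing that pattern next to a hardened handler in Node-style JavaScript. The `Map` used as a disk, the upload objects, `opts.uploadDir` and `opts.newId` are constructed stand-ins so the example runs offline.

```javascript
// Added example (not code from any of the listed projects): unrestricted upload
// next to an allow-listed, content-sniffed, server-named upload.

// Only these image types are accepted, identified by their leading bytes, never
// by the client's filename or Content-Type header.
const IMAGE_SIGNATURES = {
  png: { mime: "image/png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  jpg: { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] },
  gif: { mime: "image/gif", magic: [0x47, 0x49, 0x46, 0x38] },
};

// Vulnerable pattern: trust upload.name and write it into the web root. A file
// named shell.php is stored as shell.php and served as a script.
function storePictureUnsafe(disk, upload) {
  const dest = "uploads/" + upload.name; // extension and path chosen by the client
  disk.set(dest, upload.bytes);
  return { ok: true, path: dest };
}

// Returns the allow-listed type whose magic bytes open the buffer, else null.
function classifyImage(bytes) {
  for (const [ext, sig] of Object.entries(IMAGE_SIGNATURES)) {
    if (bytes.length >= sig.magic.length && sig.magic.every((b, i) => bytes[i] === b)) {
      return ext;
    }
  }
  return null;
}

// Hardened pattern: size cap, content sniffing against the allow list, and a
// server-generated name. upload.name is never used, so traversal sequences,
// double extensions and .htaccess/.php names cannot reach the filesystem.
function storePictureSafe(disk, upload, opts) {
  const maxBytes = opts.maxBytes ?? 2 * 1024 * 1024;
  if (upload.bytes.length === 0 || upload.bytes.length > maxBytes) {
    return { ok: false, reason: "size" };
  }
  const ext = classifyImage(upload.bytes);
  if (ext === null) {
    return { ok: false, reason: "not an allowed image type" };
  }
  // Assumptions: opts.uploadDir sits outside the web root (or is served with
  // script execution disabled) and opts.newId is crypto.randomUUID() in real code.
  const dest = opts.uploadDir + "/" + opts.newId() + "." + ext;
  disk.set(dest, upload.bytes);
  return { ok: true, path: dest, mime: IMAGE_SIGNATURES[ext].mime };
}
```

Magic-byte sniffing alone does not stop a polyglot (a valid PNG header with PHP appended), so the server-chosen extension and a non-executable upload directory are the controls that actually matter; re-encoding the image through an image library removes the appended payload as well.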
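The four lunary entries (CVE-2024-7476, CVE-2024-11137, CVE-2024-10330, CVE-2024-10275) describe two missing checks: a row fetched by id alone with no tie back to the caller's organisation, and a role-change endpoint that let admins grant billing access they did not hold. The following is an added example, not lunary's code, showing both checks as small Koa-style handlers. The `db` object, the user names and the `ROLE_RANK` table are a constructed fixture; a real implementation would put the caller's organisation id in the database query rather than filtering in memory.

```javascript
// Added example (not lunary's code): object-level authorization for a
// PATCH /v1/runs/:id/score style endpoint and owner-only billing grants.

const ROLE_RANK = { viewer: 0, member: 1, admin: 2, owner: 3 };

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Error-middleware equivalent: turn an HttpError into a response object.
function handle(fn) {
  try { return fn(); } catch (e) {
    if (e instanceof HttpError) return { status: e.status, error: e.message };
    throw e;
  }
}

// Constructed fixture: two organisations, one project and one run each.
const db = {
  projects: { p1: { orgId: "org1" }, p2: { orgId: "org2" } },
  runs: { r1: { projectId: "p1", score: null }, r2: { projectId: "p2", score: null } },
  memberships: {
    alice: { orgId: "org1", role: "member", billing: false },
    bob:   { orgId: "org2", role: "admin",  billing: false },
    carol: { orgId: "org2", role: "owner",  billing: true },
    dave:  { orgId: "org2", role: "member", billing: false },
  },
};

// IDOR pattern: the caller is authenticated, but the row is looked up by id
// alone, so any valid account can update any run.
function patchRunScoreUnsafe(caller, runId, score) {
  const run = db.runs[runId];
  if (!run) throw new HttpError(404, "no such run");
  run.score = score;
  return { status: 200 };
}

// Hardened: resolve run -> project -> org and require membership in that org.
// "Absent" and "not yours" both return 404 so run ids cannot be enumerated.
function loadRunForCaller(caller, runId) {
  const run = db.runs[runId];
  const membership = db.memberships[caller];
  if (!run || !membership || db.projects[run.projectId].orgId !== membership.orgId) {
    throw new HttpError(404, "no such run");
  }
  return run;
}

function patchRunScoreSafe(caller, runId, score) {
  const run = loadRunForCaller(caller, runId);
  run.score = score;
  return { status: 200 };
}

// Role-grant pattern: rules enforced are same org, caller is at least admin,
// nobody grants a role above their own, and only owners grant billing access.
function updateMemberRole(caller, target, newRole, grantBilling) {
  const a = db.memberships[caller];
  const t = db.memberships[target];
  if (!a || !t || a.orgId !== t.orgId) throw new HttpError(404, "no such member");
  if (ROLE_RANK[a.role] < ROLE_RANK.admin) throw new HttpError(403, "admin role required");
  if (!(newRole in ROLE_RANK) || ROLE_RANK[newRole] > ROLE_RANK[a.role]) {
    throw new HttpError(403, "cannot grant a role above your own");
  }
  if (grantBilling && a.role !== "owner") throw new HttpError(403, "only owners grant billing access");
  t.role = newRole;
  t.billing = Boolean(grantBilling);
  return { status: 200 };
}
```

The same `loadRunForCaller` shape applies to the templates endpoint and to the evaluators listing: every read or write of a project-scoped row starts from the caller's organisation, and role checks on the listing decide which rows of that organisation the caller may see.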
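The DocCheck Login entry (CVE-2025-6786) is a reminder that a redirect issued after the page has loaded is not access control: the protected post is already in the response body before the browser is sent to the login page. The following is an added example, not the plugin's code, contrasting that pattern with a server-side gate in Node-style JavaScript. The `post` object, the session shape and the two handler functions are constructed stand-ins returning `{status, headers, body}` so the example runs offline.

```javascript
// Added example (not the DocCheck plugin's code): client-side redirect versus
// server-side gating of a password-protected post.

// Constructed fixture: one protected post.
const post = { id: 7, protected: true, body: "<p>Members-only content</p>" };

// Vulnerable pattern: render the full post, then rely on a script to bounce
// unauthenticated visitors to the login page once the page has loaded.
function servePostClientGated(session) {
  const redirectScript = session.loggedIn ? "" : '<script>location.href="/login"</script>';
  return { status: 200, headers: {}, body: `<article>${post.body}</article>` + redirectScript };
}

// Hardened pattern: decide before writing the body. An unauthenticated request
// gets a 302 and an empty body; the protected text is never serialised.
function servePostServerGated(session) {
  if (post.protected && !session.loggedIn) {
    return { status: 302, headers: { Location: "/login" }, body: "" };
  }
  return { status: 200, headers: {}, body: `<article>${post.body}</article>` };
}

// What an unauthenticated scraper sees. It reads bytes; it never runs scripts
// and never follows the redirect, so only the body matters.
function leaksContent(handler) {
  const res = handler({ loggedIn: false });
  return res.body.includes(post.body);
}
```

The quickest field check for this class is a plain `curl -s` of the protected URL with no cookies: if the article text is in the output, the gate is client-side regardless of what a browser shows.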