Total
1599 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7296 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | N/A |
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users. | |||||
CVE-2025-2045 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | N/A |
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows users with limited permissions to access potentially sensitive project analytics data. | |||||
CVE-2025-1540 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.2 MEDIUM |
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances. | |||||
CVE-2025-8435 | 1 Anisha | 1 Online Movie Streaming | 2025-08-05 | N/A | 7.3 HIGH |
A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-8434 | 1 Anisha | 1 Online Movie Streaming | 2025-08-05 | N/A | 7.3 HIGH |
A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-54554 | | | 2025-08-04 | N/A | N/A |
tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. | |||||
CVE-2025-54583 | 1 Finos | 1 Gitproxy | 2025-08-01 | N/A | 6.5 MEDIUM |
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2. | |||||
CVE-2024-9159 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-08-01 | N/A | N/A |
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not properly guarded by an admin check. | |||||
CVE-2025-53902 | | | 2025-07-29 | N/A | N/A |
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition version 16.9.99.1752585665 and Tuleap Enterprise Edition 16.8-6 and 16.9-5. | |||||
CVE-2025-54532 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | N/A |
In JetBrains TeamCity before 2025.07, improper access control allowed disclosure of build settings via snapshot dependencies. | |||||
CVE-2025-54533 | 1 Jetbrains | 1 Teamcity | 2025-07-29 | N/A | N/A |
In JetBrains TeamCity before 2025.07, improper access control allowed disclosure of build settings via VCS configuration. | |||||
CVE-2025-54569 | | | 2025-07-28 | N/A | N/A |
In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. | |||||
CVE-2024-45081 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | N/A | 6.5 MEDIUM |
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks. | |||||
CVE-2025-54596 | | | 2025-07-25 | N/A | N/A |
Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts. | |||||
CVE-2025-6168 | 1 Gitlab | 1 Gitlab | 2025-07-25 | N/A | 2.7 LOW |
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests. | |||||
CVE-2025-3396 | 1 Gitlab | 1 Gitlab | 2025-07-25 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests. | |||||
CVE-2025-4972 | 1 Gitlab | 1 Gitlab | 2025-07-25 | N/A | N/A |
An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality. | |||||
CVE-2025-6018 | | | 2025-07-25 | N/A | 7.8 HIGH |
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations. | |||||
CVE-2024-55592 | 1 Fortinet | 1 Fortisiem | 2025-07-25 | N/A | N/A |
An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. | |||||
CVE-2025-49549 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-07-24 | N/A | 2.7 LOW |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction. |