| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Philips SureSigns VS4, A.07.107 and prior
does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| When an actor claims to have a given identity,
Philips SureSigns VS4, A.07.107 and prior
does not prove or insufficiently proves the claim is correct. |
| In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. |
| Improper Access Controls allows backend users to overwrite their username when disallowed. |
| Improper Access Controls allows access to protected views. |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2025-27703 is a privilege escalation vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with administrative access to a specific subset of privileged features
in the console can elevate their permissions to access additional
features in the console. The attack complexity is low, there are no
preexisting attack requirements; the privileges required are high, and
there is no user interaction required. The impact to system
confidentiality is low, the impact to system integrity is high and the
impact to system availability is low. |
| The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post. |
| A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. |
| Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. |
| Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass.
This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. |
| Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. |
| CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high. |
| Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. |
| The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address. |
| A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. |
| Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Authentication Bypass.This issue affects airleader MASTER: 3.00571. |
