Critical
CVE-2025-43564
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could lev…
Tag: Security Misconfiguration
All CVEs associated with "Security Misconfiguration". Page 20/50 • 5958 CVEs.
Subscribe CVEs: RSS for “Security Misconfiguration” · RSS (High+Critical only)
About “Security Misconfiguration”
A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-05-13
Critical
CVE-2025-43563
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could lev…
Medium
CVE-2025-22844
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
High
CVE-2025-20100
Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local…
Medium
CVE-2025-20076
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
High
CVE-2025-20052
Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access.
Medium
CVE-2024-45371
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.
High
CVE-2024-45333
Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local…
Medium
CVE-2024-43101
Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service…
Medium
CVE-2024-39758
Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access.
Critical
CVE-2025-4660
A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does n…
High
CVE-2025-29973
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-43008
Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availabi…
Medium
CVE-2025-43004
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Sinc…
Medium
CVE-2025-43002
SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrit…
2025-05-12
High
CVE-2025-46737
SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which i…
2025-05-08
High
CVE-2025-33072
Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
Critical
CVE-2024-11186
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impact…
2025-05-07
Medium
CVE-2025-20213
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an af…
Medium
CVE-2025-47692
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a thr…
Medium
CVE-2025-47688
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File…
Medium
CVE-2025-47628
Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through…
Medium
CVE-2025-47612
Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.…
Medium
CVE-2025-47602
Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce calculate-prices-based-on-distance-for-woocommerce allows Exploiting Incorrectly Configured Acc…
Medium
CVE-2025-47591
Missing Authorization vulnerability in CreedAlly Bulk Featured Image bulk-featured-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Featured Image…
Medium
CVE-2025-47528
Missing Authorization vulnerability in pewilliams Ovation Elements ovation-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovation Elements: from n…
Medium
CVE-2025-47526
Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…
Medium
CVE-2025-47486
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Plus: from n/a thro…
Medium
CVE-2025-47485
Missing Authorization vulnerability in CozyThemes Cozy Blocks cozy-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cozy Blocks: from n/a through <= 2…
Medium
CVE-2025-47480
Missing Authorization vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Graphina:…
Medium
CVE-2025-47472
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
Medium
CVE-2025-47471
Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.…
Medium
CVE-2025-47469
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4…
Medium
CVE-2025-47467
Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Testimonial Slider…
Medium
CVE-2025-47465
Missing Authorization vulnerability in creativethemeshq Blocksy blocksy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blocksy: from n/a through <= 2.0.97.
Medium
CVE-2025-47457
Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LocateAndFilter: from n/a through <=…
Medium
CVE-2025-47450
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: f…
Medium
CVE-2025-20978
Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege.
Medium
CVE-2025-20970
Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege.
High
CVE-2025-20968
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perfo…
Medium
CVE-2025-20967
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary fil…
Medium
CVE-2025-20966
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across…
High
CVE-2025-20957
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.
Medium
CVE-2025-20953
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
2025-05-05
Medium
CVE-2025-4316
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions.…
Medium
CVE-2025-4269
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manip…
2025-05-03
Medium
CVE-2025-1495
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
2025-05-01
Medium
CVE-2025-46631
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet…
Medium
CVE-2025-46630
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /gofo…
2025-04-30
Medium
CVE-2024-30146
Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.
Medium
CVE-2025-39413
Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a thro…
High
CVE-2025-21416
Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network.
Medium
CVE-2025-4119
A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation o…
Medium
CVE-2025-4118
A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the ar…
2025-04-29
Medium
CVE-2025-4067
A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to impro…
High
CVE-2025-4066
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation l…
High
CVE-2025-4065
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipula…
Medium
CVE-2025-4064
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to…
2025-04-28
Medium
CVE-2025-4036
A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/Au…
Medium
CVE-2025-39367
Missing Authorization vulnerability in SeventhQueen Kleo kleo.This issue affects Kleo: from n/a through < 5.4.4.
2025-04-27
High
CVE-2025-3963
A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component…
High
CVE-2025-3960
A vulnerability was found in withstars Books-Management-System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /allreaders.html of the component B…
2025-04-25
Medium
CVE-2025-46535
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Re…
2025-04-24
Medium
CVE-2025-46519
Missing Authorization vulnerability in M.Code Media Library Downloader media-library-downloader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Librar…
Medium
CVE-2025-46489
Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This is…
Medium
CVE-2025-46485
Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Customize Lo…
Medium
CVE-2025-46470
Missing Authorization vulnerability in Peter Raschendorfer Smart Hashtags [#hashtagger] hashtagger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Has…
Medium
CVE-2025-39390
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue…
Medium
CVE-2025-39385
Missing Authorization vulnerability in vowelweb Sirat sirat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sirat: from n/a through <= 1.5.1.
Medium
CVE-2024-30148
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
High
CVE-2021-47662
Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.
2025-04-23
Critical
CVE-2025-42605
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remo…
High
CVE-2025-1021
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspeci…
2025-04-22
Medium
CVE-2025-46247
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Appointm…
Medium
CVE-2025-46244
Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
Medium
CVE-2025-46232
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from…
2025-04-18
Medium
CVE-2025-3790
A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulati…
2025-04-17
Medium
CVE-2025-3124
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Securi…
High
CVE-2025-39583
Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/…
Medium
CVE-2025-39580
Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through <= 3.1.8.
Medium
CVE-2025-39559
Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce bring-fraktguiden-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This iss…
Medium
CVE-2025-39554
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech ai-text-to-speech allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Text…
High
CVE-2025-39533
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing starfish-reviews allows Privilege Escalation.This issue affects Starfish Review Generation & Marketing:…
High
CVE-2025-39532
Missing Authorization vulnerability in spicethemes Spice Blocks spice-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spice Blocks: from n/a through…
Medium
CVE-2025-39457
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…
Medium
CVE-2025-39456
Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
High
CVE-2025-32620
Missing Authorization vulnerability in fromdoppler Doppler Forms doppler-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Doppler Forms: from n/a throug…
High
CVE-2025-32593
Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce add-product-frontend-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Level…
High
CVE-2025-32544
Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers woocommerce-loyal-customer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woo…
Medium
CVE-2025-27310
Missing Authorization vulnerability in Radius of Thought Page and Post Lister page-and-post-lister allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page and…
High
CVE-2025-26968
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a thr…
Medium
CVE-2025-24737
Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Helper Premium: from…
Medium
CVE-2025-24583
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meet…
Medium
CVE-2025-24581
Missing Authorization vulnerability in Themefic Instantio instantio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instantio: from n/a through <= 3.3.7.
Medium
CVE-2025-24577
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0.
Medium
CVE-2025-23958
Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color editor-wysiwyg-background-color allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
Medium
CVE-2025-23906
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from…
Medium
CVE-2025-23773
Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1.
High
CVE-2025-25234
Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) bypass vulnerability. A malicious actor with network access to UAG may be able to bypass administrator-configured CORS restrictions to gain…
Medium
CVE-2025-31338
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the A…
2025-04-16
Medium
CVE-2025-39602
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite wc-product-table-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
Medium
CVE-2025-39591
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscriptio…
Medium
CVE-2025-39571
Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 4.2.4.
Medium
CVE-2025-39560
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.
Medium
CVE-2025-39552
Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Proj…
Medium
CVE-2025-39545
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec…
Medium
CVE-2025-39531
Missing Authorization vulnerability in slazzercom Slazzer Background Changer slazzer-background-changer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slazzer Back…
Medium
CVE-2025-39522
Missing Authorization vulnerability in Service2Client LLC Dynamic Post dynamic-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Post: from n/a t…
Medium
CVE-2025-39513
Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Act…
High
CVE-2025-30960
Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through <= 6.5.8.
Medium
CVE-2025-3675
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipu…
Medium
CVE-2025-3674
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi…
Medium
CVE-2025-3668
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The mani…
Medium
CVE-2025-3667
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads t…
Medium
CVE-2025-3666
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation lea…
Medium
CVE-2025-3665
A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The…
Medium
CVE-2025-3664
A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation…
Medium
CVE-2025-3663
A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cst…
Medium
CVE-2025-30100
Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit…
Critical
CVE-2025-30215
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets h…