Total
1043 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15201 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | ||||
| CVE-2017-15207 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | ||||
| CVE-2017-15206 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | ||||
| CVE-2017-15200 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | ||||
| CVE-2017-15199 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | ||||
| CVE-2017-15197 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | ||||
| CVE-2017-15196 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | ||||
| CVE-2017-0882 | 1 Gitlab | 1 Gitlab | 2025-04-20 | N/A |
| Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. | ||||
| CVE-2017-15209 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | ||||
| CVE-2023-51141 | 1 Zkteco | 1 Biotime | 2025-04-18 | 6.5 Medium |
| An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | ||||
| CVE-2022-34150 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2025-04-16 | 7.1 High |
| The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification. | ||||
| CVE-2022-33944 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2025-04-16 | 6.5 Medium |
| The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. | ||||
| CVE-2025-31933 | 2025-04-16 | 5.3 Medium | ||
| An unauthenticated attacker can check the existence of usernames in the system by querying an API. | ||||
| CVE-2025-31357 | 2025-04-16 | 5.3 Medium | ||
| An unauthenticated attacker can obtain a user's plant list by knowing the username. | ||||
| CVE-2025-31941 | 2025-04-16 | 5.3 Medium | ||
| An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. | ||||
| CVE-2025-27568 | 2025-04-16 | 5.3 Medium | ||
| An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request. | ||||
| CVE-2025-30254 | 2025-04-16 | 5.3 Medium | ||
| An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username. | ||||
| CVE-2025-27939 | 2025-04-16 | 7.5 High | ||
| An attacker can change registered email addresses of other users and take over arbitrary accounts. | ||||
| CVE-2025-27938 | 2025-04-16 | 5.3 Medium | ||
| Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms"). | ||||
| CVE-2025-30514 | 2025-04-16 | 5.3 Medium | ||
| Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes"). | ||||