Export limit exceeded: 343535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10397 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 4.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | ||||
| CVE-2024-28155 | 1 Jenkins | 1 Appspider | 2025-03-29 | 4.3 Medium |
| Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | ||||
| CVE-2024-0043 | 1 Google | 1 Android | 2025-03-29 | 7.8 High |
| In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-31402 | 1 Cybozu | 1 Garoon | 2025-03-28 | 4.3 Medium |
| Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | ||||
| CVE-2023-52352 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-28 | 6.2 Medium |
| In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2025-27103 | 1 Dataease | 1 Dataease | 2025-03-28 | 6.5 Medium |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | ||||
| CVE-2022-39811 | 1 Italtel | 1 Netmatch-s Ci | 2025-03-28 | 9.1 Critical |
| Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | ||||
| CVE-2021-36909 | 1 Webfactoryltd | 1 Wp Reset Pro | 2025-03-28 | 8.8 High |
| Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. | ||||
| CVE-2021-36917 | 1 Wpwave | 1 Hide My Wp | 2025-03-28 | 6.5 Medium |
| WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. | ||||
| CVE-2025-2003 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 7.1 High |
| Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | ||||
| CVE-2024-12148 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 4.3 Medium |
| Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | ||||
| CVE-2024-12196 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 6.5 Medium |
| Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | ||||
| CVE-2024-11670 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 5.4 Medium |
| Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. | ||||
| CVE-2024-11672 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 4.3 Medium |
| Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | ||||
| CVE-2024-4317 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Eus | 2025-03-28 | 3.1 Low |
| Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. | ||||
| CVE-2025-20125 | 1 Cisco | 1 Identity Services Engine | 2025-03-28 | 9.1 Critical |
| A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time. | ||||
| CVE-2025-24662 | 2025-03-27 | 5.3 Medium | ||
| Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnDash LMS: from n/a through 4.20.0.1. | ||||
| CVE-2022-4872 | 1 Chained Products Project | 1 Chained Products | 2025-03-27 | 4.3 Medium |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' | ||||
| CVE-2024-2915 | 1 Devolutions | 1 Devolutions Server | 2025-03-27 | 8.8 High |
| Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request. | ||||
| CVE-2024-30234 | 1 Wpxpo | 1 Wholesalex | 2025-03-27 | 6.5 Medium |
| Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | ||||