Search Results (10020 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36516 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 7.6 High |
| Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. | ||||
| CVE-2023-36515 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 7.3 High |
| Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. | ||||
| CVE-2023-36387 | 1 Apache | 1 Superset | 2024-11-21 | 5.4 Medium |
| An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. | ||||
| CVE-2023-36339 | 1 Webboss | 1 Webboss.io Cms | 2024-11-21 | 7.5 High |
| An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. | ||||
| CVE-2023-36140 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-11-21 | 9.8 Critical |
| In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | ||||
| CVE-2023-36092 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2024-11-21 | 9.8 Critical |
| Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-36091 | 2 D-link, Dlink | 3 Dir-895, Dir-895l, Dir-895l Firmware | 2024-11-21 | 9.8 Critical |
| Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-36090 | 1 Dlink | 2 Dir-885l, Dir-885l Firmware | 2024-11-21 | 9.8 Critical |
| Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-36089 | 2 D-link, Dlink | 3 Dir-645 Firmware, Dir-645, Dir-645 Firmware | 2024-11-21 | 9.8 Critical |
| Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-36002 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | 4.3 Medium |
| A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. | ||||
| CVE-2023-36000 | 2 Apple, Proofpoint | 2 Macos, Insider Threat Management Server | 2024-11-21 | 6.5 Medium |
| A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | ||||
| CVE-2023-35998 | 1 Proofpoint | 1 Insider Threat Management Server | 2024-11-21 | 4.6 Medium |
| A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | ||||
| CVE-2023-35983 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | ||||
| CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 7.5 High |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue. | ||||
| CVE-2023-35939 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 8.1 High |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. | ||||
| CVE-2023-35937 | 1 Metersphere | 1 Metersphere | 2024-11-21 | 6 Medium |
| Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue. | ||||
| CVE-2023-35908 | 1 Apache | 1 Airflow | 2024-11-21 | 6.5 Medium |
| Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. | ||||
| CVE-2023-35677 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35665 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35653 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||