Search Results (11638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27310 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 6.6 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
CVE-2023-27462 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 3.1 Low
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
CVE-2023-1296 1 Hashicorp 1 Nomad 2025-02-27 2.7 Low
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
CVE-2023-1299 1 Hashicorp 1 Nomad 2025-02-27 7.4 High
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
CVE-2023-25594 1 Arubanetworks 1 Clearpass Policy Manager 2025-02-27 6.3 Medium
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
CVE-2023-27309 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 5 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
CVE-2023-5454 1 Templately 1 Templately 2025-02-26 7.5 High
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.
CVE-2023-5352 1 Getawesomesupport 1 Awesome Support 2025-02-26 4.3 Medium
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.
CVE-2023-21034 1 Google 1 Android 2025-02-26 7.8 High
In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834
CVE-2023-21021 1 Google 1 Android 2025-02-26 7.8 High
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598
CVE-2023-21005 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946
CVE-2023-21004 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664
CVE-2023-21003 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193711
CVE-2023-21001 1 Google 1 Android 2025-02-26 7.8 High
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190
CVE-2024-32818 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2025-02-26 4.3 Medium
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
CVE-2023-21002 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193935
CVE-2023-0940 1 Metagauss 1 Profilegrid 2025-02-26 8.8 High
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.
CVE-2022-4148 1 Dash10 1 Oauth Server 2025-02-26 4.3 Medium
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
CVE-2022-45636 1 Megafeis 1 Bofei Dbd\+ 2025-02-26 8.1 High
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.
CVE-2023-25924 1 Ibm 1 Security Key Lifecycle Manager 2025-02-26 5.4 Medium
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630.