Search Results (11609 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45393 1 Cvat 1 Computer Vision Annotation Tool 2025-01-21 6.4 Medium
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account can access webhook delivery information for any webhook registered on the CVAT instance, including that of other users. For each delivery, this contains information about the event that caused the delivery, typically including full details about the object on which an action was performed (such as the task for an "update:task" event), and the user who performed the action. In addition, the attacker can redeliver any past delivery of any webhook, and trigger a ping event for any webhook. Upgrade to CVAT 2.18.0 or any later version.
CVE-2023-31826 1 Skyscreamer 1 Nevado Jms 2025-01-17 7.8 High
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
CVE-2023-27384 1 Cybozu 1 Garoon 2025-01-17 4.3 Medium
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
CVE-2023-27304 1 Cybozu 1 Garoon 2025-01-17 4.3 Medium
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
CVE-2023-1144 1 Deltaww 1 Infrasuite Device Master 2025-01-16 8.8 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1136 1 Deltaww 1 Infrasuite Device Master 2025-01-16 9.8 Critical
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.
CVE-2023-33983 1 Briarproject 1 Briar 2025-01-16 7.4 High
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.
CVE-2023-5611 1 S-sols 1 Seraphinite Accelerator 2025-01-16 5.3 Medium
The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
CVE-2023-1158 1 Hitachi 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server 2025-01-16 4.3 Medium
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
CVE-2023-31226 1 Huawei 1 Emui 2025-01-15 7.5 High
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-33779 1 Xuxueli 1 Xxl-job 2025-01-14 8.8 High
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
CVE-2023-32316 1 Fit2cloud 1 Cloudexplorer 2025-01-14 7.1 High
CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.
CVE-2023-32311 1 Fit2cloud 1 Cloudexplorer 2025-01-14 7.1 High
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2024-29229 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 7.7 High
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2024-29228 1 Synology 2 Diskstation Manager, Surveillance Station 2025-01-14 7.7 High
Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2021-26563 1 Synology 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more 2025-01-14 8.2 High
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
CVE-2023-2945 1 Open-emr 1 Openemr 2025-01-14 5.4 Medium
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-24605 1 Open-xchange 1 Ox App Suite 2025-01-14 4.2 Medium
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.
CVE-2023-24600 1 Open-xchange 1 Ox App Suite 2025-01-14 4.3 Medium
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
CVE-2023-28352 2 Faronics, Microsoft 2 Insight, Windows 2025-01-13 7.4 High
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.