Export limit exceeded: 10387 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10387 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47474 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-47807 | 1 10web | 1 10webanalytics | 2025-03-06 | 4.3 Medium |
| Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12. | ||||
| CVE-2023-45272 | 1 10web | 1 Map Builder For Google Maps | 2025-03-06 | 5.4 Medium |
| Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | ||||
| CVE-2023-4059 | 1 Cozmoslabs | 1 Profile Builder | 2025-03-06 | 4.3 Medium |
| The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog | ||||
| CVE-2023-42553 | 1 Samsung | 1 Email | 2025-03-06 | 4 Medium |
| Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | ||||
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2025-03-06 | 4 Medium |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | ||||
| CVE-2023-3814 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-03-06 | 4.9 Medium |
| The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. | ||||
| CVE-2023-0328 | 1 Wpcode | 1 Wpcode | 2025-03-06 | 4.3 Medium |
| The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). | ||||
| CVE-2022-47479 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47476 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-26510 | 1 Ghost | 1 Ghost | 2025-03-06 | 5.7 Medium |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | ||||
| CVE-2023-22891 | 1 Smartbear | 1 Zephyr Enterprise | 2025-03-05 | 8.1 High |
| There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | ||||
| CVE-2022-47483 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-47482 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-47481 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-47480 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2023-26056 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 5.4 Medium |
| XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue. | ||||
| CVE-2023-22251 | 1 Adobe | 2 Commerce, Magento Open Source | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure. | ||||
| CVE-2023-26957 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-03-05 | 9.1 Critical |
| onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | ||||
| CVE-2023-22248 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 7.5 High |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction. | ||||