Export limit exceeded: 10396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41779 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 4.4 Medium |
| There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. | ||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium |
| In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | ||||
| CVE-2024-36376 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium |
| In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions | ||||
| CVE-2023-28357 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 4.3 Medium |
| A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | ||||
| CVE-2023-20880 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-01-27 | 6.7 Medium |
| VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||||
| CVE-2023-20877 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | 8.8 High |
| VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | ||||
| CVE-2022-43465 | 1 Intel | 1 Setup And Configuration Software | 2025-01-27 | 5 Medium |
| Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-45128 | 1 Intel | 1 Endpoint Management Assistant | 2025-01-27 | 5 Medium |
| Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-41610 | 1 Intel | 2 Endpoint Management Assistant Configuration Tool, Manageability Commander | 2025-01-27 | 5 Medium |
| Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-28325 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 6.5 Medium |
| An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | ||||
| CVE-2024-10574 | 2025-01-27 | 7.2 High | ||
| The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-21116 | 1 Google | 1 Android | 2025-01-24 | 6.7 Medium |
| In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 | ||||
| CVE-2024-3388 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-01-24 | 4.1 Medium |
| A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | ||||
| CVE-2023-29819 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | 5.5 Medium |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | ||||
| CVE-2023-29818 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | 5.5 Medium |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | ||||
| CVE-2023-39990 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-24 | 5.4 Medium |
| Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3. | ||||
| CVE-2024-24966 | 1 F5 | 2 F5os-a, F5os-c | 2025-01-24 | 6.2 Medium |
| When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-20726 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2731 and 60 more | 2025-01-24 | 3.3 Low |
| In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). | ||||
| CVE-2024-1482 | 1 Github | 1 Enterprise Server | 2025-01-23 | 7.1 High |
| An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-50886 | 1 Wpwax | 1 Legal Pages | 2025-01-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7. | ||||