Search Results (10008 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4334 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 8.8 High |
| The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | ||||
| CVE-2021-4194 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 6.5 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-4133 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Rhosemc | 2024-11-21 | 8.8 High |
| A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | ||||
| CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 Medium |
| snipe-it is vulnerable to Improper Access Control | ||||
| CVE-2021-4026 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.3 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-46891 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-46890 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-46820 | 1 Xos-shop | 1 Xos Shop System | 2024-11-21 | 8.1 High |
| Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php | ||||
| CVE-2021-46561 | 1 Mitre | 1 Cve Services | 2024-11-21 | 7.2 High |
| controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. | ||||
| CVE-2021-46075 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 7.2 High |
| A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations. | ||||
| CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.3 Medium |
| In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | ||||
| CVE-2021-45457 | 1 Apache | 1 Kylin | 2024-11-21 | 7.5 High |
| In Apache Kylin, cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | ||||
| CVE-2021-45339 | 1 Avast | 1 Antivirus | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" a trusted process, which could lead to the bypassing of Avast self-defense. | ||||
| CVE-2021-45102 | 1 Wisc | 1 Htcondor | 2024-11-21 | 8.8 High |
| An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. | ||||
| CVE-2021-44857 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.5 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. | ||||
| CVE-2021-44840 | 1 Deltarm | 1 Delta Rm | 2024-11-21 | 2.7 Low |
| An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid parameter and the operation with datas[query], it is possible to edit, create, and delete the following labels: Priority Indication, Quality Evaluation, Progress Margin and Priority. Furthermore, it is also possible to export Criticality labels with an unprivileged user. | ||||
| CVE-2021-44795 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui" module. A remote attacker could exploit this vulnerability to modify users' permissions. The exploitation of this vulnerability might allow a remote attacker to delete permissions from other users without authenticating. | ||||
| CVE-2021-44794 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | ||||
| CVE-2021-44793 | 1 Krontech | 1 Single Connect | 2024-11-21 | 8.6 High |
| Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. | ||||
| CVE-2021-44792 | 1 Krontech | 1 Single Connect | 2024-11-21 | 5.3 Medium |
| Single Connect does not perform an authorization check when using the "log-monitor" module. A remote attacker could exploit this vulnerability to access the logging interface. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information. | ||||