Export limit exceeded: 11639 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11639 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25768 1 Acquia 1 Mautic 2025-02-27 7 High
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
CVE-2023-27310 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 6.6 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts.
CVE-2023-27462 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 3.1 Low
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
CVE-2023-1296 1 Hashicorp 1 Nomad 2025-02-27 2.7 Low
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
CVE-2023-1299 1 Hashicorp 1 Nomad 2025-02-27 7.4 High
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
CVE-2023-25594 1 Arubanetworks 1 Clearpass Policy Manager 2025-02-27 6.3 Medium
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.
CVE-2023-27309 1 Siemens 1 Ruggedcom Crossbow 2025-02-27 5 Medium
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
CVE-2023-5454 1 Templately 1 Templately 2025-02-26 7.5 High
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.
CVE-2023-5352 1 Getawesomesupport 1 Awesome Support 2025-02-26 4.3 Medium
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.
CVE-2023-21034 1 Google 1 Android 2025-02-26 7.8 High
In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834
CVE-2023-21021 1 Google 1 Android 2025-02-26 7.8 High
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598
CVE-2023-21005 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946
CVE-2023-21004 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664
CVE-2023-21003 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193711
CVE-2023-21001 1 Google 1 Android 2025-02-26 7.8 High
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190
CVE-2024-32818 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2025-02-26 4.3 Medium
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
CVE-2023-21002 1 Google 1 Android 2025-02-26 7.8 High
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193935
CVE-2023-0940 1 Metagauss 1 Profilegrid 2025-02-26 8.8 High
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.
CVE-2022-4148 1 Dash10 1 Oauth Server 2025-02-26 4.3 Medium
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
CVE-2022-45636 1 Megafeis 1 Bofei Dbd\+ 2025-02-26 8.1 High
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.