Search Results (2850 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21423 | 1 Samsung | 1 Android | 2025-03-24 | 5.1 Medium |
| Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | ||||
| CVE-2023-21424 | 1 Samsung | 1 Android | 2025-03-24 | 5.1 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | ||||
| CVE-2025-27138 | 1 Dataease | 1 Dataease | 2025-03-21 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | ||||
| CVE-2022-34397 | 1 Dell | 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2025-03-21 | 6.9 Medium |
| Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. | ||||
| CVE-2023-0133 | 1 Google | 2 Android, Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2025-03-20 | 6.5 Medium |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | ||||
| CVE-2024-36265 | 1 Apache | 1 Submarine | 2025-03-19 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-57032 | 1 Wegia | 1 Wegia | 2025-03-19 | 9.8 Critical |
| WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. | ||||
| CVE-2023-24485 | 1 Citrix | 1 Workspace | 2025-03-19 | 7.8 High |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | ||||
| CVE-2023-23064 | 1 Totolink | 2 A720r, A720r Firmware | 2025-03-18 | 9.8 Critical |
| TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. | ||||
| CVE-2021-32163 | 1 Linuxfoundation | 1 Modular Open Smart Network | 2025-03-18 | 9.8 Critical |
| Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization. | ||||
| CVE-2025-21517 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 4.3 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2023-0952 | 1 Devolutions | 1 Devolutions Server | 2025-03-17 | 6.5 Medium |
| Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. | ||||
| CVE-2024-21083 | 1 Oracle | 1 Bi Publisher | 2025-03-17 | 7.2 High |
| Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-21010 | 1 Oracle | 1 Hospitality Simphony | 2025-03-17 | 9.9 Critical |
| Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2024-7265 | 2 Nask, Nask-pib | 2 Ezd Rp, Ezd Rp | 2025-03-17 | 8.8 High |
| Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2. | ||||
| CVE-2024-6512 | 1 Devolutions | 1 Devolutions Server | 2025-03-14 | 6.5 Medium |
| Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | ||||
| CVE-2024-49209 | 1 Archerirm | 1 Archer | 2025-03-14 | 6.5 Medium |
| Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons. | ||||
| CVE-2024-49208 | 1 Archerirm | 1 Archer | 2025-03-14 | 5.9 Medium |
| Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete system icons. | ||||
| CVE-2024-46918 | 1 Misp | 1 Misp | 2025-03-13 | 9.8 Critical |
| app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | ||||