Export limit exceeded: 10671 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10671 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21894 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2025-01-02 | 4.4 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect Cloud Agent, Macos and 2 more | 2025-01-02 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | ||||
| CVE-2023-21560 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-01-01 | 6.6 Medium |
| Windows Boot Manager Security Feature Bypass Vulnerability | ||||
| CVE-2023-35149 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-12-30 | 6.5 Medium |
| A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | ||||
| CVE-2022-31644 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | 7.8 High |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||||
| CVE-2022-31646 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | 7.8 High |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||||
| CVE-2021-4362 | 1 Wpkube | 1 Kiwi Social Share | 2024-12-28 | 9.8 Critical |
| The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version. | ||||
| CVE-2023-36504 | 1 Bbsetheme | 1 Bbs E-popup | 2024-12-26 | 6.5 Medium |
| Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5. | ||||
| CVE-2018-9374 | 1 Google | 2 Android, Pixel | 2024-12-18 | 7.8 High |
| In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2017-13316 | 1 Google | 2 Android, Pixel | 2024-12-18 | 8.4 High |
| In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9477 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2018-9469 | 1 Google | 1 Android | 2024-12-18 | 8.4 High |
| In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-43087 | 1 Google | 1 Android | 2024-12-18 | 8.4 High |
| In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-21122 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191 | ||||
| CVE-2023-21123 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 | ||||
| CVE-2017-13314 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21270 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43088 | 1 Google | 1 Android | 2024-12-17 | 8.4 High |
| In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43089 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-28175 | 1 Bosch | 16 Divar Ip 3000, Divar Ip 3000 Firmware, Divar Ip 4000 and 13 more | 2024-12-17 | 7.1 High |
| Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. | ||||