Export limit exceeded: 13912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4987 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30731 | 1 Oracle | 1 Applications Technology Stack | 2025-04-21 | 3.6 Low |
| Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Applications Technology Stack executes to compromise Oracle Applications Technology Stack. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data as well as unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). | ||||
| CVE-2022-47407 | 1 Master-quiz Project | 1 Master-quiz | 2025-04-21 | 6.5 Medium |
| An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers. | ||||
| CVE-2022-42862 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42861 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 8.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to break out of its sandbox. | ||||
| CVE-2022-32945 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | 5.4 Medium |
| An access issue was addressed with additional sandbox restrictions on third-party apps. This issue is fixed in macOS Ventura 13. An app may be able to record audio with paired AirPods. | ||||
| CVE-2022-42865 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-21 | 5.5 Medium |
| This issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42859 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-21 | 5.5 Medium |
| Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-42853 | 1 Apple | 1 Macos | 2025-04-21 | 5.5 Medium |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify protected parts of the file system. | ||||
| CVE-2021-22567 | 1 Dart | 1 Dart Software Development Kit | 2025-04-21 | 4.6 Medium |
| Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. | ||||
| CVE-2022-45937 | 1 Siemens | 18 Pxc00-e96.a, Pxc00-e96.a Firmware, Pxc100-e96.a and 15 more | 2025-04-21 | 8.8 High |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. | ||||
| CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2025-04-21 | 8.1 High |
| A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | ||||
| CVE-2017-12340 | 1 Cisco | 1 Nx-os | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513. | ||||
| CVE-2017-5254 | 1 Cambiumnetworks | 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more | 2025-04-20 | N/A |
| In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. | ||||
| CVE-2017-6016 | 1 Leao Consultoria E Desenvolvimento De Sistemas | 1 Ltda Me Laquis Scada | 2025-04-20 | N/A |
| An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. | ||||
| CVE-2017-6866 | 1 Siemens | 1 Xhq Server | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level. | ||||
| CVE-2017-7493 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 7.8 High |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. | ||||
| CVE-2017-7918 | 1 Cambium Networks | 8 Epmp 1000, Epmp 1000 Firmware, Epmp 1000 Hotspot and 5 more | 2025-04-20 | N/A |
| An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes. | ||||
| CVE-2017-7928 | 1 Selinc | 4 Sel-3620, Sel-3620 Firmware, Sel-3622 and 1 more | 2025-04-20 | N/A |
| An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices. | ||||
| CVE-2016-10333 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | ||||
| CVE-2016-10026 | 1 Ikiwiki | 1 Ikiwiki | 2025-04-20 | N/A |
| ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. | ||||