Export limit exceeded: 11604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46312 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | 7.5 High |
| The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications. | ||||
| CVE-2020-14504 | 1 Rockwellautomation | 4 1734-aentr Point I\/o Dual Port Network Adaptor Series B, 1734-aentr Point I\/o Dual Port Network Adaptor Series B Firmware, 1734-aentr Point I\/o Dual Port Network Adaptor Series C and 1 more | 2025-04-17 | 5.3 Medium |
| The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. | ||||
| CVE-2023-42231 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 8.1 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function. | ||||
| CVE-2023-42228 | 1 Zucchetti | 1 Helpdeskadvanced | 2025-04-17 | 8.8 High |
| Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function. | ||||
| CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2021-38417 | 1 Visam | 1 Vbase Web-remote | 2025-04-17 | 7.4 High |
| VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing. | ||||
| CVE-2025-24427 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-17 | 6.5 Medium |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-41963 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 2.7 Low |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1 | ||||
| CVE-2025-30215 | 2025-04-17 | 9.6 Critical | ||
| NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with JS management permissions in any account to perform certain administrative actions on any JS asset in any other account. At least one of the unprotected APIs allows for data destruction. None of the affected APIs allow disclosing stream contents. This vulnerability is fixed in v2.11.1 or v2.10.27. | ||||
| CVE-2022-46400 | 1 Microchip | 18 Bm70, Bm70 Firmware, Bm71 and 15 more | 2025-04-17 | 5.4 Medium |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. | ||||
| CVE-2022-42453 | 1 Hcltech | 1 Bigfix Platform | 2025-04-17 | 6.9 Medium |
| There are insufficient warnings when a Fixlet is imported by a user. The warning message currently assumes the owner of the script is the logged in user, with insufficient warnings when attempting to run the script. | ||||
| CVE-2022-40494 | 1 Ehang-io | 1 Nps | 2025-04-17 | 9.8 Critical |
| NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. | ||||
| CVE-2025-31725 | 1 Jenkins | 1 Monitor-remote-job | 2025-04-17 | 5.5 Medium |
| Jenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2022-47547 | 1 Protocol | 1 Gossipsub | 2025-04-17 | 5.3 Medium |
| GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages. | ||||
| CVE-2022-46316 | 1 Huawei | 1 Harmonyos | 2025-04-17 | 9.8 Critical |
| A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | ||||
| CVE-2022-46313 | 1 Huawei | 1 Harmonyos | 2025-04-17 | 5.3 Medium |
| The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone. | ||||
| CVE-2022-41590 | 1 Huawei | 1 Harmonyos | 2025-04-16 | 5.5 Medium |
| Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability. | ||||
| CVE-2022-34270 | 1 Rws | 1 Worldserver | 2025-04-16 | 9.8 Critical |
| An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager. | ||||
| CVE-2024-22078 | 2 Elspec, Elspec-ltd | 3 G5 Digital Fault Recorder, G5dfr, G5dfr Firmware | 2025-04-16 | 8.8 High |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. | ||||