Search Results (10569 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34965 | 1 Sspanel-uim Project | 1 Sspanel-uim | 2025-01-03 | 5.3 Medium |
| SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. | ||||
| CVE-2023-32061 | 1 Discourse | 1 Discourse | 2025-01-02 | 5.4 Medium |
| Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. | ||||
| CVE-2023-3230 | 1 Fossbilling | 1 Fossbilling | 2025-01-02 | 7.5 High |
| Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. | ||||
| CVE-2024-56348 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | 4.3 Medium |
| In JetBrains TeamCity before 2024.12, improper access control allowed viewing details of unauthorized agents. | ||||
| CVE-2024-56349 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | 5.3 Medium |
| In JetBrains TeamCity before 2024.12, improper access control allowed unauthorized users to modify build logs. | ||||
| CVE-2024-56350 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | 4.3 Medium |
| In JetBrains TeamCity before 2024.12, build credentials allowed unauthorized viewing of projects. | ||||
| CVE-2022-21894 | 1 Microsoft | 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more | 2025-01-02 | 4.4 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2023-48683 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2025-01-02 | N/A |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | ||||
| CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect Cloud Agent, Macos and 2 more | 2025-01-02 | 7.1 High |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | ||||
| CVE-2023-21560 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-01-01 | 6.6 Medium |
| Windows Boot Manager Security Feature Bypass Vulnerability | ||||
| CVE-2024-39025 | | | 2024-12-31 | 7.5 High |
| Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | ||||
| CVE-2023-47874 | 1 Perfmatters | 1 Perfmatters | 2024-12-31 | 5.4 Medium |
| Missing Authorization vulnerability in Perfmatters. This issue affects Perfmatters: from n/a through 2.1.6. | ||||
| CVE-2023-35149 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-12-30 | 6.5 Medium |
| A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | ||||
| CVE-2022-31644 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | 7.8 High |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||||
| CVE-2022-31646 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2024-12-30 | 7.8 High |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. | ||||
| CVE-2021-4362 | 1 Wpkube | 1 Kiwi Social Share | 2024-12-28 | 9.8 Critical |
| The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version. | ||||
| CVE-2023-36504 | 1 Bbsetheme | 1 Bbs E-popup | 2024-12-26 | 6.5 Medium |
| Missing Authorization vulnerability in BBS e-Theme BBS e-Popup. This issue affects BBS e-Popup: from n/a through 2.4.5. | ||||
| CVE-2023-4617 | | | 2024-12-20 | 10 Critical |
| Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9. | ||||
| CVE-2018-9374 | 1 Google | 2 Android, Pixel | 2024-12-18 | 7.8 High |
| In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2017-13316 | 1 Google | 2 Android, Pixel | 2024-12-18 | 8.4 High |
| In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||