Search Results (10566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4606 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2024-11-21 | 8.1 High |
| An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | ||||
| CVE-2023-4468 | 1 Poly | 4 Lens, Trio 8800, Trio 8800 Firmware and 1 more | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | ||||
| CVE-2023-4434 | 1 Hamza417 | 1 Inure | 2024-11-21 | 6.1 Medium |
| Missing Authorization in GitHub repository hamza417/inure prior to build88. | ||||
| CVE-2023-4302 | 1 Jenkins | 1 Fortify | 2024-11-21 | 4.2 Medium |
| A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-4227 | 1 Moxa | 3 Iologik 4000 Series, Iologik E4200, Iologik E4200 Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the device. | ||||
| CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data | ||||
| CVE-2023-4164 | 1 Google | 2 Android, Pixel | 2024-11-21 | 8.4 High |
| There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | ||||
| CVE-2023-4124 | 1 Answer | 1 Answer | 2024-11-21 | 6.5 Medium |
| Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | ||||
| CVE-2023-4107 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 6.7 Medium |
| Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. | ||||
| CVE-2023-4106 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 6.3 Medium |
| Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting in a guest being able to view, join, edit, export and archive public playbooks. | ||||
| CVE-2023-4105 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 3.1 Low |
| Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message | ||||
| CVE-2023-49980 | 1 Sourcecodester | 1 Best Student Result Management System | 2024-11-21 | 7.5 High |
| A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. | ||||
| CVE-2023-49949 | 1 Passwork | 1 Passwork | 2024-11-21 | 8.1 High |
| Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | ||||
| CVE-2023-49947 | 1 Forgejo | 1 Forgejo | 2024-11-21 | 7.5 High |
| Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. | ||||
| CVE-2023-49742 | | | 2024-11-21 | 9.9 Critical |
| Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3. | ||||
| CVE-2023-49652 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 2.7 Low |
| Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. | ||||
| CVE-2023-49273 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.4 Medium |
| Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | ||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | ||||
| CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | ||||