Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0336 | 1 Cisco | 1 Prime Collaboration | 2024-11-29 | N/A |
| A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could exploit this vulnerability by uploading a batch file and having the batch file processed by the system. A successful exploit could allow the attacker to escalate privileges to the Administrator level. Cisco Bug IDs: CSCvd86578. | ||||
| CVE-2023-36144 | 1 Intelbras | 2 Sg 2404 Mr, Sg 2404 Mr Firmware | 2024-11-27 | 7.5 High |
| An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. | ||||
| CVE-2023-36607 | 1 Ovarro | 10 Tbox Lt2, Tbox Lt2 Firmware, Tbox Ms-cpu32 and 7 more | 2024-11-26 | 5.3 Medium |
| The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents. | ||||
| CVE-2024-35669 | 1 Bowo | 1 Debug Log Manager | 2024-11-26 | 4.3 Medium |
| Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. | ||||
| CVE-2024-35660 | 2 Jeweltheme, Master-addons | 2 Master Addons For Elementor, Master Addons | 2024-11-26 | 6.5 Medium |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | ||||
| CVE-2023-47573 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-26 | 8.8 High |
| An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions. | ||||
| CVE-2022-20941 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.3 Medium |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. | ||||
| CVE-2024-31252 | 1 Dfactory | 1 Responsive Lightbox \& Gallery | 2024-11-26 | 4.3 Medium |
| Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6. | ||||
| CVE-2024-31261 | 1 Aakashweb | 1 Announcer | 2024-11-26 | 4.3 Medium |
| Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0. | ||||
| CVE-2024-33565 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-11-26 | 9.1 Critical |
| Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
| CVE-2024-34435 | 1 Coderevolution | 1 Aiomatic | 2024-11-26 | 4.3 Medium |
| Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. | ||||
| CVE-2018-15429 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-11-26 | 5.3 Medium |
| A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data. | ||||
| CVE-2024-9756 | 1 Directsoftware | 1 Order Attachments For Woocommerce | 2024-11-25 | 4.3 Medium |
| The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. | ||||
| CVE-2024-8272 | 1 Universal Audio | 1 Uaconnect | 2024-11-25 | 7.8 High |
| The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root. | ||||
| CVE-2024-0122 | 2024-11-25 | 7.6 High | ||
| NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. | ||||
| CVE-2024-0138 | 1 Nvidia | 1 Base Command Manager | 2024-11-24 | 9.8 Critical |
| NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2023-36624 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | 7.8 High |
| Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. | ||||
| CVE-2024-6806 | 1 Ni | 1 Veristand | 2024-11-21 | 9.8 Critical |
| The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions. | ||||
| CVE-2024-6805 | 1 Ni | 1 Veristand | 2024-11-21 | 7.5 High |
| The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions. | ||||
| CVE-2024-6760 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 High |
| A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | ||||