Search Results (8512 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-44434 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44424 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44423 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44422 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-39104 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.
CVE-2022-39088 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39087 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39086 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39085 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-44435 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 5.5 Medium
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-4102 1 Royal-elementor-addons 1 Royal Elementor Addons 2025-04-09 3.1 Low
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug.
CVE-2022-3923 1 Activecampaign 1 Activecampaign For Woocommerce 2025-04-09 4.3 Medium
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.
CVE-2024-53473 1 Wegia 1 Wegia 2025-04-09 7.5 High
WeGIA 3.2.0 before 3998672 does not verify permission to change a password.
CVE-2023-39993 1 Wpmet 1 Elements Kit Elementor Addons 2025-04-09 4.3 Medium
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0.
CVE-2022-4103 1 Royal-elementor-addons 1 Royal Elementor Addons 2025-04-09 4.3 Medium
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title
CVE-2024-53258 1 Autolabproject 1 Autolab 2025-04-07 5.3 Medium
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature.
CVE-2023-38386 1 Ninjaforms 1 Ninja Forms 2025-04-07 7.6 High
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
CVE-2020-22007 1 Okerthai 2 G955v1, G955v1 Firmware 2025-04-04 6.8 Medium
OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.
CVE-2024-38748 2 Theinnovs, Thelnnovs 2 Eleforms, Eleforms 2025-04-04 5.3 Medium
Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9.
CVE-2024-43142 1 Themeum 1 Tutor Lms 2025-04-04 4.3 Medium
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.