Search Results (11799 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39914 1 Google 1 Android 2025-04-23 4 Medium
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.
CVE-2022-46792 1 Hasura 1 Graphql Engine 2025-04-23 8.8 High
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. (Versions before 2.10.0 are unaffected.)
CVE-2022-39099 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39098 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39097 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39096 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39095 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39094 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39093 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39092 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39091 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39090 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-45956 1 Boa 1 Boa 2025-04-22 5.3 Medium
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
CVE-2022-45760 1 Sens Project 1 Sens 2025-04-22 8.8 High
SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.
CVE-2022-3946 1 Welcart 1 Welcart E-commerce 2025-04-22 6.5 Medium
The Welcart e-Commerce WordPress plugin before 2.8.4 does not have authorisation and CSRF in an AJAX action, allowing any logged-in user to create, update and delete shipping methods.
CVE-2022-3881 1 Wptools Project 1 Wptools 2025-04-22 5.7 Medium
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-3880 1 Antihacker Project 1 Antihacker 2025-04-22 6.5 Medium
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-3879 1 Car Dealer Project 1 Car Dealer 2025-04-22 6.5 Medium
The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-20240 1 Google 1 Android 2025-04-22 2.3 Low
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105
CVE-2024-20032 2 Google, Mediatek 36 Android, Mt6580, Mt6739 and 33 more 2025-04-22 6.7 Medium
In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020.