Search Results (11504 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32796 | 1 Langgenius | 1 Dify | 2025-04-30 | 6.5 Medium |
| Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the apps. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps. | ||||
| CVE-2021-25973 | 1 Publify Project | 1 Publify | 2025-04-30 | 6.5 Medium |
| In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. "guest" role users can self-register even when the admin does not allow it. This happens because the restriction is enforced only in the front end. | ||||
| CVE-2021-25991 | 1 If-me | 1 Ifme | 2025-04-30 | 5.7 Medium |
| In Ifme, versions v5.0.0 to v7.32 are vulnerable to improper access control, which makes it possible for admins to ban themselves, leading to deactivation of their Ifme account and complete loss of admin access to Ifme. | ||||
| CVE-2022-42126 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | 4.3 Medium |
| The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI. | ||||
| CVE-2024-20291 | 1 Cisco | 81 Nexus 3000 In Standalone Nx-os Mode, Nexus 3048, Nexus 31108pc-v and 78 more | 2025-04-30 | 5.8 Medium |
| A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces. | ||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2025-04-29 | 8.8 High |
| Carel Boss Mini 1.5.0 has Improper Access Control. | ||||
| CVE-2023-42969 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-29 | 3.3 Low |
| An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches. | ||||
| CVE-2025-30729 | 1 Oracle | 1 Communications Order And Service Management | 2025-04-29 | 5.5 Medium |
| Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). | ||||
| CVE-2024-56195 | 1 Apache | 1 Traffic Server | 2025-04-29 | 6.3 Medium |
| Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. | ||||
| CVE-2022-31608 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2025-04-29 | 7.8 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2025-04-29 | 9.8 Critical |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | ||||
| CVE-2022-37774 | 1 Maarch | 1 Maarch Rm | 2025-04-29 | 5.3 Medium |
| There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | ||||
| CVE-2024-46609 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 7.5 High |
| An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access the function, which returns all user information, including passwords. | ||||
| CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.5 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | ||||
| CVE-2024-47218 | 2 Versoft, Vesoft | 2 Nebulagraph Studio, Nebulagraph Database | 2025-04-28 | 9.8 Critical |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | ||||
| CVE-2024-42797 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 9.8 Critical |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete valid music playlist entries. | ||||
| CVE-2024-46607 | 1 Thecosy | 1 Icecms | 2025-04-28 | 7.6 High |
| Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | ||||
| CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | 6.5 Medium |
| An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | ||||
| CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | 5.3 Medium |
| An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | ||||
| CVE-2024-42023 | 1 Veeam | 1 One | 2025-04-28 | 8.8 High |
| An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | ||||