Export limit exceeded: 23776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10542 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10542 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47832 | 1 Searchiq | 1 Searchiq | 2025-06-09 | 5.3 Medium |
| Missing Authorization vulnerability in searchiq SearchIQ allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through 4.4. | ||||
| CVE-2023-47770 | 1 Muffingroup | 1 Betheme | 2025-06-09 | 7.6 High |
| Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1. | ||||
| CVE-2025-24860 | 1 Apache | 1 Cassandra | 2025-06-09 | 5.4 Medium |
| Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue. | ||||
| CVE-2023-41953 | 2 Profilepress, Properfraction | 2 Profilepress, Profilepress | 2025-06-09 | 5.3 Medium |
| Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1. | ||||
| CVE-2023-50882 | 2 Profilepress, Properfraction | 2 Profilepress, Profilepress | 2025-06-09 | 5.3 Medium |
| Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2. | ||||
| CVE-2023-49835 | 1 Metaphorcreations | 1 Post Duplicator | 2025-06-09 | 4.3 Medium |
| Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31. | ||||
| CVE-2023-48774 | 1 Northernbeacheswebsites | 1 Ideapush | 2025-06-09 | 5.4 Medium |
| Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a. | ||||
| CVE-2019-3842 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2025-06-09 | 7.0 High |
| In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". | ||||
| CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | 8.8 High |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | ||||
| CVE-2025-5521 | 1 5kcrm | 1 Wukongcrm | 2025-06-09 | 4.3 Medium |
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28159 | 1 Jenkins | 1 Subversion Partial Release Manager | 2025-06-06 | 4.3 Medium |
| A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. | ||||
| CVE-2023-41802 | 1 Heateor | 1 Super Socializer | 2025-06-05 | 4.3 Medium |
| Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54. | ||||
| CVE-2023-41695 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | 3.5 Low |
| Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0. | ||||
| CVE-2022-46795 | 1 Tychesoftwares | 1 Print Invoice \& Delivery Notes For Woocommerce | 2025-06-05 | 6.5 Medium |
| Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2. | ||||
| CVE-2022-45830 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | 6.5 Medium |
| Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. | ||||
| CVE-2022-2989 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2025-06-05 | 7.1 High |
| An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2024-47148 | 1 Honor | 1 Magicos | 2025-06-05 | 4 Medium |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2024-47157 | 1 Honor | 1 Magicos | 2025-06-05 | 2.9 Low |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2025-06-04 | 6.3 Medium |
| Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||||
| CVE-2025-1557 | 1 Ofcms Project | 1 Ofcms | 2025-06-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||