Search Results (10519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49982 | 2 Oretnom23, Sourcecodester | 2 School Fees Management System, School Fees Management System | 2025-04-16 | 8.8 High |
| Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. | ||||
| CVE-2021-43938 | 1 Smartptt | 1 Scada Server | 2025-04-16 | 8.1 High |
| Elcomplus SmartPTT SCADA Server allows an unauthenticated user to request various files from the server without any authentication or authorization. | ||||
| CVE-2025-24407 | 1 Adobe | 1 Commerce B2b | 2025-04-16 | 7.1 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-24409 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | 8.2 High |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-24419 | 1 Adobe | 1 Commerce B2b | 2025-04-16 | 4.3 Medium |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-24420 | 1 Adobe | 1 Commerce B2b | 2025-04-16 | 4.3 Medium |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-21141 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2025-04-16 | 10 Critical |
| MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. | ||||
| CVE-2021-32986 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2025-04-16 | 9.8 Critical |
| After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 are unlocked by an authorized user, the unlocked state does not time out. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly. | ||||
| CVE-2020-25167 | 1 Osisoft | 1 Pi Vision | 2025-04-16 | 4.9 Medium |
| OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. | ||||
| CVE-2021-33013 | 1 Myscada | 1 Mypro | 2025-04-16 | 8.2 High |
| mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information. | ||||
| CVE-2022-1521 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2025-04-16 | 9.1 Critical |
| LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | ||||
| CVE-2024-27915 | 1 Sulu | 1 Sulu | 2025-04-16 | 6.8 Medium |
| Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater than or equal to `v5.4.30` or `v6.3.6`. | ||||
| CVE-2024-0199 | 1 Gitlab | 1 Gitlab | 2025-04-16 | 7.7 High |
| An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions. | ||||
| CVE-2024-28229 | 1 Jetbrains | 1 Youtrack | 2025-04-16 | 6.5 Medium |
| In JetBrains YouTrack before 2024.1.25893, a user without appropriate permissions could restore issues and articles. | ||||
| CVE-2024-27900 | 1 Sap | 1 Abap Platform | 2025-04-16 | 4.3 Medium |
| Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. | ||||
| CVE-2022-22754 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 6.5 Medium |
| If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2022-43872 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2025-04-16 | 5.3 Medium |
| In IBM Financial Transaction Manager 3.2.4, authorization checks are done incorrectly for some HTTP requests, which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. | ||||
| CVE-2025-24436 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-24437 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-16 | 5.4 Medium |
| Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-30477 | 1 Klarna | 1 Klarna For Woocommerce | 2025-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce. This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | ||||