Search Results (10501 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29295 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-29296 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2022-47471 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47461 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 6.7 Medium |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | ||||
| CVE-2022-47462 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 6.7 Medium |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | ||||
| CVE-2022-47472 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47473 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47484 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-48367 | 1 Ibexa | 5 Digital Experience Platform, Ez Platform Kernel, Ezplatform-http-cache-fastly and 2 more | 2025-03-04 | 9.8 Critical |
| An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. | ||||
| CVE-2022-4315 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-03-04 | 5 Medium |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | ||||
| CVE-2023-24999 | 2 Hashicorp, Redhat | 2 Vault, Openshift Data Foundation | 2025-03-03 | 4.4 Medium |
| HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. | ||||
| CVE-2023-25548 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-03-03 | 8.8 High |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-25552 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-03-03 | 8.1 High |
| A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-4997 | 1 Prointegra | 1 Uptimedc | 2025-03-03 | 8.8 High |
| Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | ||||
| CVE-2023-23834 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | 4.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0. | ||||
| CVE-2023-23825 | 1 Brainstormforce | 1 Spectra | 2025-03-01 | 3.1 Low |
| Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0. | ||||
| CVE-2023-50903 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2025-03-01 | 5.3 Medium |
| Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0. | ||||
| CVE-2024-38810 | 1 Vmware | 1 Spring Security | 2025-02-28 | 6.5 Medium |
| Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective. | ||||
| CVE-2023-20926 | 1 Google | 1 Android | 2025-02-28 | 6.8 Medium |
| In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-253043058 | ||||
| CVE-2023-21719 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||