Export limit exceeded: 10501 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10501 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21034 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834 | ||||
| CVE-2023-21021 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598 | ||||
| CVE-2023-21005 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946 | ||||
| CVE-2023-21004 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664 | ||||
| CVE-2023-21003 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193711 | ||||
| CVE-2023-21001 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190 | ||||
| CVE-2024-32818 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2025-02-26 | 4.3 Medium |
| Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. | ||||
| CVE-2023-21002 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193935 | ||||
| CVE-2023-0940 | 1 Metagauss | 1 Profilegrid | 2025-02-26 | 8.8 High |
| The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones. | ||||
| CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2025-02-26 | 4.3 Medium |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. | ||||
| CVE-2022-45636 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | 8.1 High |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | ||||
| CVE-2023-25924 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-02-26 | 5.4 Medium |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630. | ||||
| CVE-2023-25923 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-02-26 | 2.7 Low |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629. | ||||
| CVE-2023-1261 | 1 Silabs | 1 Wi-sun Software Development Kit | 2025-02-26 | 8.2 High |
| Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. | ||||
| CVE-2023-1262 | 1 Silabs | 2 Wireless Smart Ubiquitous Network Linux Border Router, Wireless Smart Ubiquitous Network Linux Border Router Firmware | 2025-02-26 | 8.2 High |
| Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. | ||||
| CVE-2024-22133 | 1 Sap | 1 Fiori Front End Server | 2025-02-26 | 4.6 Medium |
| SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application. | ||||
| CVE-2023-0890 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-02-26 | 6.5 Medium |
| The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts | ||||
| CVE-2023-23672 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.4 Medium |
| Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | ||||
| CVE-2023-47183 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.3 Medium |
| Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1. | ||||
| CVE-2023-28672 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 6.5 Medium |
| Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||