Total
2302 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2305 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation. | ||||
| CVE-2017-6672 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-20 | N/A |
| A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870. | ||||
| CVE-2017-7505 | 1 Theforeman | 1 Foreman | 2025-04-20 | N/A |
| Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. | ||||
| CVE-2017-17067 | 1 Splunk | 1 Splunk | 2025-04-20 | N/A |
| Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks. | ||||
| CVE-2017-14140 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. | ||||
| CVE-2022-20558 | 1 Google | 1 Android | 2025-04-18 | 3.3 Low |
| In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289 | ||||
| CVE-2022-20572 | 2 Google, Redhat | 2 Android, Enterprise Linux | 2025-04-18 | 6.7 Medium |
| In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel | ||||
| CVE-2024-30616 | 1 Chamilo | 1 Chamilo Lms | 2025-04-18 | 8.8 High |
| Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity. | ||||
| CVE-2025-3453 | 2025-04-17 | 5.3 Medium | ||
| The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie' function. This makes it possible for unauthenticated attackers to extract sensitive data including all protected site content if the 'Use Transient' setting is enabled. | ||||
| CVE-2022-1746 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.6 High |
| The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment. | ||||
| CVE-2024-48237 | 1 Wtcms Project | 1 Wtcms | 2025-04-17 | 9.8 Critical |
| WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php. | ||||
| CVE-2024-48936 | 1 Schedmd | 1 Slurm | 2025-04-17 | 5 Medium |
| SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration. | ||||
| CVE-2023-46906 | 1 Juzaweb | 1 Cms | 2025-04-17 | 4.9 Medium |
| juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated. | ||||
| CVE-2024-21736 | 1 Sap | 1 S\/4hana Finance | 2025-04-17 | 6.4 Medium |
| SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application. | ||||
| CVE-2021-32960 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2025-04-17 | 8.5 High |
| Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. | ||||
| CVE-2025-24421 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-04-17 | 4.3 Medium |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction | ||||
| CVE-2022-41962 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 2.7 Low |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds. | ||||
| CVE-2022-23490 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 4.3 Medium |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds. | ||||
| CVE-2022-23488 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-04-17 | 6.5 Medium |
| BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds. | ||||
| CVE-2022-46076 | 1 Dlink | 4 Dir-869, Dir-869 Firmware, Dir-869ax and 1 more | 2025-04-17 | 7.5 High |
| D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. | ||||