Total
3781 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1736 | | | 2025-02-07 | 9.8 Critical |
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | ||||
CVE-2024-13457 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | 5.3 Medium |
The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view order details of orders they did not place, which includes ticket prices, user emails and order date. | ||||
CVE-2020-2506 | 1 Qnap | 1 Helpdesk | 2025-02-07 | 7.3 High |
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||||
CVE-2025-0582 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-02-07 | 4.7 Medium |
A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigphoto leads to unrestricted upload. The attack can be initiated remotely. | ||||
CVE-2023-27350 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-02-07 | 9.8 Critical |
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | ||||
CVE-2023-23752 | 1 Joomla | 1 Joomla! | 2025-02-07 | 5.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | ||||
CVE-2024-3270 | 1 Thingsboard | 1 Thingsboard | 2025-02-07 | 3.8 Low |
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7. | ||||
CVE-2024-33898 | 1 Axiros | 1 Axess | 2025-02-06 | 9.8 Critical |
Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. | ||||
CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | 5.4 Medium |
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2019-1653 | 1 Cisco | 4 Rv320, Rv320 Firmware, Rv325 and 1 more | 2025-02-06 | 7.5 High |
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. | ||||
CVE-2024-47758 | 1 Glpi-project | 1 Glpi | 2025-02-06 | 8.8 High |
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | ||||
CVE-2022-36789 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2025-02-05 | 7.5 High |
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2023-29513 | 1 Xwiki | 1 Xwiki | 2025-02-05 | 5 Medium |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document, it's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading. | ||||
CVE-2023-30539 | 1 Nextcloud | 2 Nextcloud Files Automated Tagging, Nextcloud Server | 2025-02-05 | 6.5 Medium |
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Server is upgraded to 24.0.11 or 25.0.5, the Nextcloud Enterprise Server to 21.0.9.11, 22.2.10.11, 23.0.12.6, 24.0.11 or 25.0.5, and the Nextcloud Files automated tagging app to 1.11.1, 1.12.1, 1.13.1, 1.14.2, 1.15.3 or 1.16.1. Users unable to upgrade should disable all workflow related apps. Users are advised to upgrade. | ||||
CVE-2023-52164 | | | 2025-02-05 | 5.1 Medium |
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-29924 | 1 Powerjob | 1 Powerjob | 2025-02-05 | 9.8 Critical |
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | ||||
CVE-2023-29922 | 1 Powerjob | 1 Powerjob | 2025-02-05 | 5.3 Medium |
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | ||||
CVE-2023-29921 | 1 Powerjob | 1 Powerjob | 2025-02-05 | 5.3 Medium |
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. | ||||
CVE-2023-29586 | 1 Codesector | 1 Teracopy | 2025-02-05 | 5.5 Medium |
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b. | ||||
CVE-2022-35276 | 1 Intel | 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more | 2025-02-05 | 7.5 High |
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. |