Total
5461 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2025-02-20 | 5.3 Medium |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | ||||
| CVE-2022-45369 | 1 Richplugins | 1 Plugin For Google Reviews | 2025-02-20 | 4.3 Medium |
| Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | ||||
| CVE-2022-42459 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-02-20 | 7.2 High |
| Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | ||||
| CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2025-02-13 | 6.5 Medium |
| Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. | ||||
| CVE-2024-22452 | 1 Dell | 1 Display And Peripheral Manager | 2025-01-31 | 7.3 High |
| Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation. | ||||
| CVE-2024-56444 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 7.5 High |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.2 Medium |
| Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-56436 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.5 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2022-36246 | 1 Shopbeat | 1 Shop Beat Media Player | 2025-01-13 | 9.8 Critical |
| Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions. | ||||
| CVE-2023-52955 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.5 Medium |
| Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-54112 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 5.5 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-54104 | 1 Huawei | 1 Harmonyos | 2024-12-12 | 6.2 Medium |
| Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-32996 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 6.2 Medium |
| Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-52721 | 1 Huawei | 1 Harmonyos | 2024-12-09 | 6.2 Medium |
| The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2022-1548 | 1 Mattermost | 1 Playbooks | 2024-12-06 | 3.7 Low |
| Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | ||||
| CVE-2018-0089 | 1 Cisco | 1 Policy Suite | 2024-12-02 | N/A |
| A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666. | ||||
| CVE-2018-0092 | 1 Cisco | 20 Nexus 92160yc Switch, Nexus 92300yc Switch, Nexus 92304qc Switch and 17 more | 2024-12-02 | N/A |
| A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the network-operator role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. The attacker would need valid user credentials for the device. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvg21120. | ||||
| CVE-2018-0095 | 1 Cisco | 1 Asyncos | 2024-12-02 | N/A |
| A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726. | ||||
| CVE-2018-0096 | 1 Cisco | 1 Prime Infrastructure | 2024-12-02 | N/A |
| A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875. | ||||
| CVE-2018-0130 | 1 Cisco | 1 Virtual Managed Services | 2024-12-02 | N/A |
| A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg30884. | ||||