Total
2262 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26818 | 1 Telegram | 1 Telegram | 2025-01-21 | 5.5 Medium |
| Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. | ||||
| CVE-2023-31726 | 1 Alist Project | 1 Alist | 2025-01-21 | 7.5 High |
| AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2024-52584 | 1 Autolabproject | 1 Autolab | 2025-01-21 | 5.4 Medium |
| Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. | ||||
| CVE-2023-23299 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 7.5 High |
| The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | ||||
| CVE-2023-27384 | 1 Cybozu | 1 Garoon | 2025-01-17 | 4.3 Medium |
| Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | ||||
| CVE-2023-1144 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | ||||
| CVE-2023-1136 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 9.8 Critical |
| In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | ||||
| CVE-2023-1158 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server | 2025-01-16 | 4.3 Medium |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | ||||
| CVE-2020-36714 | 1 Brizy | 1 Brizy | 2025-01-16 | 7.4 High |
| The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. | ||||
| CVE-2023-31226 | 1 Huawei | 1 Emui | 2025-01-15 | 7.5 High |
| The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-33779 | 1 Xuxueli | 1 Xxl-job | 2025-01-14 | 8.8 High |
| A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. | ||||
| CVE-2021-26563 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 8.2 High |
| Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2024-13266 | 2025-01-14 | 5.3 Medium | ||
| Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | ||||
| CVE-2024-13290 | 2025-01-14 | 5.3 Medium | ||
| Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | ||||
| CVE-2023-24600 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | 4.3 Medium |
| OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. | ||||
| CVE-2023-28352 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 7.4 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled. | ||||
| CVE-2023-0814 | 1 Cozmoslabs | 1 Profile Builder | 2025-01-13 | 6.5 Medium |
| The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. This does require the Usermeta shortcode be enabled to be exploited. | ||||
| CVE-2022-45353 | 1 Muffingroup | 1 Betheme | 2025-01-13 | 4.3 Medium |
| Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | ||||
| CVE-2020-9081 | 1 Huawei | 14 Mate 20, Mate 20 Firmware, P30 and 11 more | 2025-01-10 | 3.5 Low |
| There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081. | ||||
| CVE-2024-13291 | 2025-01-10 | 7.3 High | ||
| Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | ||||