Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30179 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 4.3 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries. | ||||
| CVE-2025-24920 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 4.3 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users created or update bookmarked in archived channels | ||||
| CVE-2025-1507 | 1 Sharethis | 1 Dashboard For Google Analytics | 2025-03-27 | 5.3 Medium |
| The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features. | ||||
| CVE-2024-12810 | 1 Chimpgroup | 1 Jobcareer | 2025-03-27 | 8.8 High |
| The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings. | ||||
| CVE-2025-1408 | 1 Metagauss | 1 Profilegrid | 2025-03-27 | 4.3 Medium |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests which is normally should be available to administrators only. | ||||
| CVE-2023-24029 | 1 Progress | 1 Ws Ftp Server | 2025-03-26 | 7.2 High |
| In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | ||||
| CVE-2022-47450 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-47333 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-47332 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-47330 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-44421 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure. | ||||
| CVE-2021-36225 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2025-03-26 | 8.8 High |
| Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. | ||||
| CVE-2023-25014 | 1 In2code | 1 Femanager | 2025-03-26 | 8.6 High |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | ||||
| CVE-2022-42909 | 1 Wepanow | 1 Print Away | 2025-03-26 | 6.5 Medium |
| WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. | ||||
| CVE-2022-47367 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 4.8 Medium |
| In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47325 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.4 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-47324 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.4 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2023-0678 | 1 Phpipam | 1 Phpipam | 2025-03-26 | 5.3 Medium |
| Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. | ||||
| CVE-2022-47361 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 7.8 High |
| In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | ||||
| CVE-2022-47360 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||