Export limit exceeded: 12149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12149 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21039 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-03-27 | 6.1 Medium |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2023-52359 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | 7.5 High |
| Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2022-43978 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.6 Medium |
| There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | ||||
| CVE-2023-52373 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | 7.5 High |
| Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing. | ||||
| CVE-2024-5687 | 1 Mozilla | 1 Firefox | 2025-03-27 | 5.3 Medium |
| If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 127. | ||||
| CVE-2022-30421 | 1 Toshiba | 1 Storage Security Software | 2025-03-27 | 7.8 High |
| Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module. | ||||
| CVE-2020-20402 | 1 Portfoliocms Project | 1 Portfoliocms | 2025-03-27 | 7.5 High |
| Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | ||||
| CVE-2024-51995 | 1 Combodo | 1 Itop | 2025-03-27 | 7.1 High |
| Combodo iTop is a web based IT Service Management tool. An attacker can request any `route` we want as long as we specify an `operation` that is allowed. This issue has been addressed in version 3.2.0 by applying the same access control pattern as in `UI.php` to the `ajax.render.php` page which does not allow arbitrary `routes` to be dispatched. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-20911 | 1 Oracle | 1 Audit Vault And Database Firewall | 2025-03-27 | 2.6 Low |
| Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N). | ||||
| CVE-2025-2687 | 1 Phpgurukul | 1 Elearning System | 2025-03-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41246 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2025-03-27 | 5.3 Medium |
| An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard. | ||||
| CVE-2024-25063 | 1 Hikvision | 1 Hikcentral Professional | 2025-03-27 | 7.5 High |
| Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. | ||||
| CVE-2024-20943 | 1 Oracle | 1 Knowledge Management | 2025-03-27 | 5.4 Medium |
| Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2023-38367 | 1 Ibm | 2 Cloud Pak For Automation, Cloud Pak For Business Automation | 2025-03-27 | 6.5 Medium |
| IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker to view, update, delete or create an IdP configuration. IBM X-Force ID: 261130. | ||||
| CVE-2022-47699 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2025-03-27 | 9.8 Critical |
| COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. | ||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2025-03-27 | 9.8 Critical |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | ||||
| CVE-2023-52375 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-26 | 5.5 Medium |
| Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-4041 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 5.9 Medium |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | ||||
| CVE-2022-4441 | 1 Hitachi | 1 Storage Plug-in | 2025-03-26 | 7.6 High |
| Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | ||||
| CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2025-03-26 | 4.3 Medium |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | ||||