Export limit exceeded: 12613 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12613 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27268 1 Sap 1 Netweaver Application Server For Java 2025-02-27 5.3 Medium
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.
CVE-2023-25957 1 Mendix 1 Saml 2025-02-27 9.1 Critical
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled.
CVE-2023-4612 1 Apereo 1 Central Authentication Service 2025-02-26 9.8 Critical
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
CVE-2023-28609 1 Ansible-semaphore 1 Ansible Semaphore 2025-02-26 9.8 Critical
api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication.
CVE-2023-21452 1 Samsung 1 Android 2025-02-26 3.3 Low
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.
CVE-2023-21454 1 Samsung 1 Android 2025-02-26 2.4 Low
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.
CVE-2023-21455 1 Samsung 2 Exynos, Exynos Firmware 2025-02-26 5.9 Medium
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
CVE-2022-46774 1 Ibm 2 Manage Application, Maximo Application Suite 2025-02-26 5.4 Medium
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.
CVE-2023-21460 1 Samsung 1 Android 2025-02-26 4.4 Medium
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
CVE-2023-27087 1 Xuxueli 1 Xxl-job 2025-02-26 7.5 High
Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.
CVE-2024-45425 2025-02-26 4.9 Medium
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2022-46773 1 Ibm 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak 2025-02-26 4.3 Medium
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
CVE-2023-21457 1 Samsung 1 Android 2025-02-26 4.1 Medium
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
CVE-2023-27875 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2025-02-26 7.5 High
IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2023-31341 1 Amd 2 Amd Uprof, Uprof 2025-02-26 7.3 High
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.
CVE-2025-1024 1 Churchcrm 1 Churchcrm 2025-02-25 4.8 Medium
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application.
CVE-2023-28668 1 Jenkins 1 Role-based Authorization Strategy 2025-02-25 9.8 Critical
Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
CVE-2024-13692 1 Wpswings 1 Return Refund And Exchange For Woocommerce 2025-02-25 5.4 Medium
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to overwrite linked refund image attachments, overwrite refund request message, overwrite order messages, and read order messages of other users.
CVE-2024-36259 2025-02-25 7.5 High
Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.
CVE-2024-12368 2025-02-25 8.1 High
Improper access control in the auth_oauth module of Odoo Community 15.0 and Odoo Enterprise 15.0 allows an internal user to export the OAuth tokens of other users.