Total
820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28973 | 1 Juniper | 1 Junos Os Evolved | 2025-02-06 | 7.1 High |
| An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO. | ||||
| CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2025-02-05 | 7.8 High |
| A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | ||||
| CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2025-02-04 | 9.1 Critical |
| Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
| CVE-2024-13694 | 1 Moreconvert | 1 Woocommerce Wishlist | 2025-02-04 | 7.5 High |
| The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to. | ||||
| CVE-2025-0849 | 1 Campcodes | 1 School Management Software | 2025-02-04 | 6.3 Medium |
| A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13646 | 1 Aakashbhagat | 1 Single User Chat | 2025-01-31 | 8.1 High |
| The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update option values to 'login' on the WordPress site. This may be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | ||||
| CVE-2023-2345 | 1 Oretnom23 | 1 Service Provider Management System | 2025-01-30 | 6.3 Medium |
| A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | ||||
| CVE-2023-30467 | 1 Milesight | 40 Ms-n1004-uc, Ms-n1004-uc Firmware, Ms-n1004-upc and 37 more | 2025-01-30 | 7.5 High |
| This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device. | ||||
| CVE-2024-43602 | 1 Microsoft | 1 Azure Cyclecloud | 2025-01-30 | 9.9 Critical |
| Azure CycleCloud Remote Code Execution Vulnerability | ||||
| CVE-2024-38129 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-01-29 | 7.5 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2023-2534 | 1 Otrs | 1 Otrs | 2025-01-29 | 7.6 High |
| Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32. | ||||
| CVE-2023-28318 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-28 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | ||||
| CVE-2023-28317 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-28 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | ||||
| CVE-2022-43465 | 1 Intel | 1 Setup And Configuration Software | 2025-01-27 | 5 Medium |
| Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-45128 | 1 Intel | 1 Endpoint Management Assistant | 2025-01-27 | 5 Medium |
| Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2022-41610 | 1 Intel | 2 Endpoint Management Assistant Configuration Tool, Manageability Commander | 2025-01-27 | 5 Medium |
| Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-28325 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 6.5 Medium |
| An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | ||||
| CVE-2024-3139 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-24 | 5.4 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-26193 | 1 Microsoft | 1 Azure Migrate | 2025-01-23 | 6.4 Medium |
| Azure Migrate Remote Code Execution Vulnerability | ||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-01-22 | 4.3 Medium |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | ||||