CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 4692 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-20572	2 Google, Redhat	2 Android, Enterprise Linux	2025-04-18	6.7 Medium
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel
CVE-2025-25953			2025-04-18	9.1 Critical
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.
CVE-2025-3124			2025-04-18	N/A
A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2.
CVE-2025-23773			2025-04-17	6.5 Medium
Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: from n/a through 1.1.1.
CVE-2025-24737			2025-04-17	6.5 Medium
Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Helper Premium: from n/a through 4.6.1.
CVE-2025-26968			2025-04-17	7.5 High
Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5.
CVE-2025-23906			2025-04-17	6.5 Medium
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
CVE-2025-27310			2025-04-17	6.5 Medium
Missing Authorization vulnerability in Radius of Thought Page and Post Lister allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page and Post Lister: from n/a through 1.2.1.
CVE-2025-24577			2025-04-17	6.5 Medium
Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.
CVE-2025-31338			2025-04-17	N/A
A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.
CVE-2025-23958			2025-04-17	6.5 Medium
Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Wysiwyg Background Color: from n/a through 1.0.
CVE-2025-24581			2025-04-17	6.5 Medium
Missing Authorization vulnerability in Themefic Instantio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instantio: from n/a through 3.3.7.
CVE-2025-24583			2025-04-17	6.5 Medium
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5.
CVE-2025-39457			2025-04-17	5.3 Medium
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8.
CVE-2025-32593			2025-04-17	8.2 High
Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Product Frontend for WooCommerce: from n/a through 1.0.6.
CVE-2025-32620			2025-04-17	7.1 High
Missing Authorization vulnerability in fromdoppler Doppler Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Doppler Forms: from n/a through 2.4.5.
CVE-2025-39532			2025-04-17	7.5 High
Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spice Blocks: from n/a through 2.0.7.1.
CVE-2025-39554			2025-04-17	6.5 Medium
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.
CVE-2025-39580			2025-04-17	5.8 Medium
Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.
CVE-2025-39583			2025-04-17	7.1 High
Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2.

« first previous Page 4 of 235. next last »