Total
4416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0963 | 1 Music Gallery Site Project | 1 Music Gallery Site | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability. | |||||
| CVE-2023-0811 | 1 Omron | 256 Sysmac Cj2h-cpu64, Sysmac Cj2h-cpu64-eip, Sysmac Cj2h-cpu64-eip Firmware and 253 more | 2026-06-17 | N/A | 9.1 CRITICAL |
| Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. | |||||
| CVE-2023-0744 | 1 Answer | 1 Answer | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | |||||
| CVE-2023-0661 | 1 Devolutions | 1 Devolutions Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | |||||
| CVE-2023-0451 | 1 Econolite | 1 Eos | 2026-06-17 | N/A | 7.5 HIGH |
| Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians. | |||||
| CVE-2023-0319 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 5.8 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only. | |||||
| CVE-2023-0017 | 1 Sap | 1 Netweaver Application Server For Java | 2026-06-17 | N/A | 9.4 CRITICAL |
| An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | |||||
| CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2026-06-17 | N/A | 6.4 MEDIUM |
| In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | |||||
| CVE-2022-4814 | 1 Usememos | 1 Memos | 2026-06-17 | N/A | 4.3 MEDIUM |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4810 | 1 Usememos | 1 Memos | 2026-06-17 | N/A | 4.3 MEDIUM |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4809 | 1 Usememos | 1 Memos | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4807 | 1 Usememos | 1 Memos | 2026-06-17 | N/A | 4.3 MEDIUM |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4724 | 1 Ikus-soft | 1 Rdiffweb | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
| CVE-2022-4711 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. | |||||
| CVE-2022-4709 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library. | |||||
| CVE-2022-4708 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed. | |||||
| CVE-2022-4705 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | |||||
| CVE-2022-4704 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 5.4 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings. | |||||
| CVE-2022-4703 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data. | |||||
| CVE-2022-4702 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-06-17 | N/A | 5.4 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues. | |||||
