Total
812 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22471 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | 3.5 LOW |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | |||||
| CVE-2023-1750 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-11-21 | N/A | 7.1 HIGH |
| The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information. | |||||
| CVE-2023-1749 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute. | |||||
| CVE-2023-1463 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | |||||
| CVE-2023-1462 | 1 Vadi | 1 Digikent | 2024-11-21 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20. | |||||
| CVE-2023-0985 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | N/A | 8.8 HIGH |
| An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account. | |||||
| CVE-2023-0882 | 2 Krontech, Microsoft | 2 Single Connect, Windows | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. | |||||
| CVE-2022-4812 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4811 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.3 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1. | |||||
| CVE-2022-4806 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4803 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4802 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4799 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4798 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4686 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-4505 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
| CVE-2022-46179 | 1 Liuos Project | 1 Liuos | 2024-11-21 | N/A | 9.2 CRITICAL |
| LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to "" (no quotes) to null the variable and force credential checks. | |||||
| CVE-2022-43450 | 1 Xwp | 1 Stream | 2024-11-21 | N/A | 4.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | |||||
| CVE-2022-42175 | 1 Soluslabs | 1 Solusvm | 2024-11-21 | N/A | 8.8 HIGH |
| Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. | |||||
| CVE-2022-41479 | 1 Devexpress | 1 Asp.net Web Forms Controls | 2024-11-21 | N/A | 7.5 HIGH |
| The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. NOTE: the vendor disputes this because the retrieved source code is only the DevExpress client-side application code that is, of course, intentionally readable by web browsers (a site's custom code and data is never accessible via an IDOR approach). | |||||