Total: 7122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6598 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). | |||||
| CVE-2024-57757 | 1 Jeewms | 1 Jeewms | 2025-04-18 | N/A | 7.5 HIGH |
| JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. | |||||
| CVE-2022-20556 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
| In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246301667 | |||||
| CVE-2022-20537 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
| In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235601169 | |||||
| CVE-2022-20536 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
| In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235100180 | |||||
| CVE-2022-20533 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
| In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-232798363 | |||||
| CVE-2022-20529 | 1 Google | 1 Android | 2025-04-18 | N/A | 2.4 LOW |
| In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-231583603 | |||||
| CVE-2022-20522 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-227470877 | |||||
| CVE-2022-20519 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
| In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-224772678 | |||||
| CVE-2024-1733 | 1 Charlestsmith | 1 Word Replacer Pro | 2025-04-18 | N/A | 5.3 MEDIUM |
| The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site. | |||||
| CVE-2022-20572 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-234475629. References: Upstream kernel | |||||
| CVE-2025-26968 | | | 2025-04-17 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5. | |||||
| CVE-2025-31338 | | | 2025-04-17 | N/A | N/A |
| A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality. | |||||
| CVE-2025-23906 | | | 2025-04-17 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2. | |||||
| CVE-2023-47458 | 1 Bladex | 1 Springblade | 2025-04-17 | N/A | 9.8 CRITICAL |
| An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | |||||
| CVE-2023-6383 | 1 Bowo | 1 Debug Log Manager | 2025-04-17 | N/A | 7.5 HIGH |
| The Debug Log Manager WordPress plugin before 2.3.0 contains a directory listing vulnerability, which allows downloading the debug log without authorization and gaining access to sensitive data. | |||||
| CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| In Aethon TUG Home Base Server versions prior to version 24, an unauthenticated attacker can freely access hashed user credentials. | |||||
| CVE-2022-1070 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| In Aethon TUG Home Base Server versions prior to version 24, an unauthenticated attacker can freely access hashed user credentials. | |||||
| CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
| In Aethon TUG Home Base Server versions prior to version 24, an unauthenticated attacker can freely access hashed user credentials. | |||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2025-04-17 | N/A | 6.5 MEDIUM |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts). | |||||
