Total
2046 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52584 | 1 Autolabproject | 1 Autolab | 2025-01-21 | N/A | 5.4 MEDIUM |
| Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. | |||||
| CVE-2023-23299 | 1 Garmin | 1 Connect-iq | 2025-01-21 | N/A | 7.5 HIGH |
| The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | |||||
| CVE-2025-0580 | 2025-01-20 | 5.1 MEDIUM | 5.6 MEDIUM | ||
| A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-27384 | 1 Cybozu | 1 Garoon | 2025-01-17 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | |||||
| CVE-2020-36714 | 1 Brizy | 1 Brizy | 2025-01-16 | N/A | 7.4 HIGH |
| The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. | |||||
| CVE-2023-31226 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
| The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-33779 | 1 Xuxueli | 1 Xxl-job | 2025-01-14 | N/A | 8.8 HIGH |
| A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. | |||||
| CVE-2021-26563 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 4.6 MEDIUM | 8.2 HIGH |
| Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-13266 | 2025-01-14 | N/A | 5.3 MEDIUM | ||
| Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | |||||
| CVE-2024-13290 | 2025-01-14 | N/A | 5.3 MEDIUM | ||
| Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | |||||
| CVE-2023-24600 | 1 Open-xchange | 1 Ox App Suite | 2025-01-14 | N/A | 4.3 MEDIUM |
| OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. | |||||
| CVE-2023-28352 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | N/A | 7.4 HIGH |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled. | |||||
| CVE-2020-9081 | 1 Huawei | 14 Mate 20, Mate 20 Firmware, P30 and 11 more | 2025-01-10 | N/A | 3.5 LOW |
| There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081. | |||||
| CVE-2024-13291 | 2025-01-10 | N/A | 7.3 HIGH | ||
| Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | |||||
| CVE-2024-13302 | 2025-01-10 | N/A | 5.3 MEDIUM | ||
| Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. | |||||
| CVE-2023-25729 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-01-10 | N/A | 8.8 HIGH |
| Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
| CVE-2023-23604 | 1 Mozilla | 1 Firefox | 2025-01-10 | N/A | 6.5 MEDIUM |
| A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109. | |||||
| CVE-2024-13282 | 2025-01-10 | N/A | 8.8 HIGH | ||
| Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0. | |||||
| CVE-2024-13281 | 2025-01-10 | N/A | 9.1 CRITICAL | ||
| Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. | |||||
| CVE-2024-13278 | 2025-01-10 | N/A | 9.1 CRITICAL | ||
| Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. | |||||