| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. |
| In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed. |
| In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed. |
| In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed. |
| In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. |
| In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. |
| A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. |
| The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce |
| The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example |
| XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1. |
