Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26026 | 1 Acdsee | 1 Photo Studio 2021 | 2024-11-21 | 7.8 High |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. | ||||
| CVE-2021-26025 | 1 Acdsee | 1 Photo Studio 2021 | 2024-11-21 | 7.8 High |
| PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. | ||||
| CVE-2021-25954 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.3 Medium |
| In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint. | ||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | ||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | ||||
| CVE-2021-25740 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 3.1 Low |
| A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||||
| CVE-2021-25519 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | ||||
| CVE-2021-25506 | 1 Samsung | 1 Health | 2024-11-21 | 4 Medium |
| Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | ||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2024-11-21 | 7.8 High |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||||
| CVE-2021-25410 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | ||||
| CVE-2021-25409 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | ||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2024-11-21 | 6.5 Medium |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | ||||
| CVE-2021-25356 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | ||||
| CVE-2021-25344 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | ||||
| CVE-2021-25116 | 1 Enqueue Anything Project | 1 Enqueue Anything | 2024-11-21 | 6.5 Medium |
| The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. | ||||
| CVE-2021-25097 | 1 Creativityjuice | 1 Labtools | 2024-11-21 | 6.5 Medium |
| The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication | ||||
| CVE-2021-25095 | 1 Ip2location | 1 Country Blocker | 2024-11-21 | 7.1 High |
| The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. | ||||
| CVE-2021-25093 | 1 Ylefebvre | 1 Link Library | 2024-11-21 | 7.5 High |
| The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request | ||||
| CVE-2021-25084 | 1 Bracketspace | 1 Advanced Cron Manager | 2024-11-21 | 4.3 Medium |
| The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example | ||||
| CVE-2021-25075 | 1 Wpdevart | 1 Duplicate Page Or Post | 2024-11-21 | 3.5 Low |
| The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues | ||||