Export limit exceeded: 14251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37774 | 1 Maarch | 1 Maarch Rm | 2025-04-29 | 5.3 Medium |
| There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL (https://{url}/tmp/{MD5 hash of the document}) is then accessible without authentication. | ||||
| CVE-2024-46609 | 2 Icecms Project, Thecosy | 2 Icecms, Icecms | 2025-04-28 | 7.5 High |
| An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords | ||||
| CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | 6.5 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | ||||
| CVE-2024-47218 | 2 Versoft, Vesoft | 2 Nebulagraph Studio, Nebulagraph Database | 2025-04-28 | 9.8 Critical |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | ||||
| CVE-2024-42797 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 9.8 Critical |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. | ||||
| CVE-2024-46607 | 1 Thecosy | 1 Icecms | 2025-04-28 | 7.6 High |
| Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | ||||
| CVE-2024-42021 | 1 Veeam | 1 One | 2025-04-28 | 6.5 Medium |
| An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. | ||||
| CVE-2024-42022 | 1 Veeam | 1 One | 2025-04-28 | 5.3 Medium |
| An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. | ||||
| CVE-2024-42023 | 1 Veeam | 1 One | 2025-04-28 | 8.8 High |
| An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | ||||
| CVE-2024-44571 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 8.8 High |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | ||||
| CVE-2024-42794 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 4.7 Medium |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | ||||
| CVE-2024-42795 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 4.2 Medium |
| An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | ||||
| CVE-2024-42796 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 5.9 Medium |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | ||||
| CVE-2024-38909 | 2 Std42, Studio42 | 2 Elfinder, Elfinder | 2025-04-28 | 9.8 Critical |
| Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. | ||||
| CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2025-04-28 | 9.8 Critical |
| A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | ||||
| CVE-2022-37931 | 1 Hp | 1 Nonstop Netbatch-plus | 2025-04-25 | 7.3 High |
| A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details. | ||||
| CVE-2023-47422 | 1 Tenda | 8 Ax12, Ax12 Firmware, Ax3 and 5 more | 2025-04-25 | 8.8 High |
| An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. | ||||
| CVE-2024-20065 | 2 Google, Mediatek | 14 Android, Mt6768, Mt6781 and 11 more | 2025-04-25 | 4 Medium |
| In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394. | ||||
| CVE-2022-36133 | 1 Epson | 18 Tm-c3500, Tm-c3500 Firmware, Tm-c3510 and 15 more | 2025-04-25 | 9.1 Critical |
| The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | ||||
| CVE-2024-44843 | 1 Steve-community | 1 Steve | 2025-04-25 | 5.9 Medium |
| An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests. | ||||