Export limit exceeded: 10809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2024-12-05 | 8.8 High |
| POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | ||||
| CVE-2023-34923 | 1 Topdesk | 1 Topdesk | 2024-12-04 | 8.1 High |
| XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation. | ||||
| CVE-2023-20772 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2024-12-04 | 6.7 Medium |
| In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796. | ||||
| CVE-2023-21185 | 1 Google | 1 Android | 2024-12-04 | 7.8 High |
| In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-266700762 | ||||
| CVE-2023-3114 | 1 Hashicorp | 1 Terraform Enterprise | 2024-12-04 | 5 Medium |
| Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1. | ||||
| CVE-2023-21177 | 1 Google | 1 Android | 2024-12-04 | 5.5 Medium |
| In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273906410 | ||||
| CVE-2024-11743 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-20773 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2024-12-04 | 7.8 High |
| In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. | ||||
| CVE-2024-11673 | 1 1000projects | 1 Bookstore Management System | 2024-12-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-34148 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | ||||
| CVE-2023-34147 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | ||||
| CVE-2023-34146 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 7.8 High |
| An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | ||||
| CVE-2023-33895 | 2 Google, Unisoc | 14 Android, S8004, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33894 | 2 Google, Unisoc | 14 Android, S8003, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33893 | 2 Google, Unisoc | 14 Android, S8002, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33892 | 2 Google, Unisoc | 14 Android, S8001, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33891 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30929 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-12-04 | 7.8 High |
| In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2023-30928 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-12-04 | 7.8 High |
| In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2023-30920 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||