CWE:
 

Topic
Date
Author
High
Dovecot IMAP Server 2.2 Improper Access Control
08.07.2022
Julian Brook
High
Voltage SecureMail Server Business Logic Bypass
07.02.2022
TING Meng Yean
Low
WordPress Modern Events Calendar 5.16.2 Information Disclosure
02.07.2021
Ron Jost
Med.
Realteo WordPress Plugin <= 1.2.3 - Improper Access Control
02.04.2021
m0ze
Med.
Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
23.03.2021
m0ze
Med.
Barco wePresent Undocumented SSH Interface
21.11.2020
Jim Becher
Med.
Reliable Services Improper Access Control
12.05.2020
KingSkrupellos
Med.
ThinkTrek Solutions Improper Access Control
11.05.2020
KingSkrupellos
Med.
Native Sparrow Improper Access Control
11.05.2020
KingSkrupellos
Med.
MediaCosmo CMS Improper Access Control
11.05.2020
KingSkrupellos
Med.
Avast Secure Browser 76.0.1659.101 Local Privilege Escalation
21.03.2020
Silton Santos
High
Avira Free Security Suite 2019 Software Updater 2.0.6.13175 Improper Access Control
06.08.2019
Silton Santos
Low
Yurdum Software Reflected XSS Privilege Escalation
17.06.2019
KingSkrupellos
Med.
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
23.05.2019
Benjamin Hess
Med.
AlumniMagnet OmniMagnet Improper Access Control Vulnerability
20.05.2019
KingSkrupellos
Med.
Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure
11.05.2019
TING Meng Yean
Med.
Designed by Longtail E-Media Improper Access Control and RFU Vulnerability
22.09.2018
AYAR
Low
WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
05.09.2018
KingSkrupellos
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Solarwinds LEM 6.3.1 Hardcoded Credentials
25.04.2017
Matt Bergin
Med.
HP Printers Wi-Fi Direct Improper Access Control
03.02.2017
Neseso
Med.
SAP HANA Information Disclosure
28.05.2015
onapsis
High
TheCartPress WordPress plugin 1.3.9 Multiple Vulns
29.04.2015
High-Tech Bridge Secur...
Low
SAP Background Processing RFC Missing Authorization
29.04.2014
Onapsis
Low
SAP BASIS Missing Authorization Check
29.04.2014
Onapsis
Low
SAP Profile Maintenance Missing Authorization
29.04.2014
Onapsis
High
OpenDocMan 1.2.7 Multiple Vulnerabilities
05.03.2014
High-Tech Bridge Secur...
High
Microweber 0.8 Arbitrary File Deletion
18.10.2013
High-Tech Bridge Secur...
High
Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference and bypass
16.10.2012
High-Tech Bridge Secur...
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
AWScripts Gallery Search Engine 1.x Insecure Cookie Vulnerability
01.07.2009
TiGeR-Dz


CVEMAP Search Results

CVE
Details
Description
2022-08-08
Waiting for details
CVE-2022-2702

Updating...
 

 
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability.

 
Waiting for details
CVE-2022-1323

Updating...
 

 
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

 
2022-08-05
Waiting for details
CVE-2022-27660

Updating...
 

 
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.

 
Waiting for details
CVE-2022-27185

Updating...
 

 
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.

 
Waiting for details
CVE-2022-26346

Updating...
 

 
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.

 
2022-08-02
Waiting for details
CVE-2022-2631

Updating...
 

 
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.

 
2022-07-29
Waiting for details
CVE-2022-2578

Updating...
 

 
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

 
2022-06-27
Waiting for details
CVE-2022-2088

Updating...
 

 
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.

 
2022-06-24
Waiting for details
CVE-2022-2103

Updating...
 

 
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.

 
2022-06-13
Medium
CVE-2022-1656

Vendor: Artbees
Software: Jupiter x core
 

 

 

 


Copyright 2022, cxsecurity.com

 

Back to Top