Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
OX Documents 7.10.5 Improper Authorization
21.07.2021
Martin Heiland
Med.
CTFd 2.1.5 Administrator Account Takeover
04.01.2020
Social Engineering Neo
Med.
Microsoft Windows Task Scheduler Local Privilege Escalation
22.07.2019
Social Engineering Neo
Med.
Slims CMS Akasia 8.3.1 SQL Injection
22.05.2019
KingSkrupellos
Med.
Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability
19.05.2019
KingSkrupellos
Med.
Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation
07.11.2018
Matthew Bergin
Low
SAP Business Objects Unauthorized Audit Information Access
26.02.2015
Onapsis
Med.
SAP Business Objects Unauthorized Audit Information Delete
26.02.2015
Onapsis
Low
SAP Business Objects Information Disclosure Via CORBA
09.10.2014
Will Vandevanter
Med.
SAP Business Warehouse Missing Authorization Check
09.10.2014
Will Vandevanter
Med.
SAP Business Objects Denial Of Service Via CORBA
09.10.2014
Will Vandevanter
Med.
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
15.11.2013
Pedro Andujar
High
Zoom Telephonics Multiple Vulns
03.09.2013
K Lovett
CVEMAP Search Results
CVE
Details
Description
2022-04-28
CVE-2021-43939
Updating...
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints.
2022-02-15
Low
CVE-2022-0587
Vendor:
Librenms
Software:
Librenms
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
2022-01-03
Low
CVE-2021-3837
Vendor:
Openwhyd
Software:
Openwhyd
openwhyd is vulnerable to Improper Authorization
2021-12-21
Medium
CVE-2021-24739
Vendor:
Shapedplugin
Software:
Logo carousel
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
2021-12-20
CVE-2021-43847
Updating...
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
2021-11-16
Low
CVE-2021-42337
Vendor:
AIFU
Software:
Cashier acco...
2021-11-04
Medium
CVE-2021-21693
Vendor:
Jenkins
Software:
Jenkins
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
2021-11-01
Medium
CVE-2021-39341
Vendor:
Optinmonster
Software:
Optinmonster
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.
2021-10-19
Medium
CVE-2021-38486
Updating...
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.
2021-10-15
Medium
CVE-2021-42330
Vendor:
Xinheinformation
Software:
Xinhe teachi...
Copyright
2022
, cxsecurity.com
Back to Top
