CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | OX Documents 7.10.5 Improper Authorization | 21.07.2021 | Martin Heiland |
| Med. | CTFd 2.1.5 Administrator Account Takeover | 04.01.2020 | Social Engineering Neo |
| Med. | Microsoft Windows Task Scheduler Local Privilege Escalation | 22.07.2019 | Social Engineering Neo |
| Med. | Slims CMS Akasia 8.3.1 SQL Injection | 22.05.2019 | KingSkrupellos |
| Med. | Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability | 19.05.2019 | KingSkrupellos |
| Med. | Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation | 07.11.2018 | Matthew Bergin |
| Low | SAP Business Objects Unauthorized Audit Information Access | 26.02.2015 | Onapsis |
| Med. | SAP Business Objects Unauthorized Audit Information Delete | 26.02.2015 | Onapsis |
| Low | SAP Business Objects Information Disclosure Via CORBA | 09.10.2014 | Will Vandevanter |
| Med. | SAP Business Warehouse Missing Authorization Check | 09.10.2014 | Will Vandevanter |
| Med. | SAP Business Objects Denial Of Service Via CORBA | 09.10.2014 | Will Vandevanter |
| Med. | Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass | 15.11.2013 | Pedro Andujar |
| High | Zoom Telephonics Multiple Vulns | 03.09.2013 | K Lovett |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2022-04-28 | Waiting for details | CVE-2021-43939 | | Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. |
| 2022-02-15 | Low | CVE-2022-0587 | Vendor: Librenms; Software: Librenms | Improper Authorization in Packagist librenms/librenms prior to 22.2.0. |
| 2022-01-03 | Low | CVE-2021-3837 | Vendor: Openwhyd; Software: Openwhyd | openwhyd is vulnerable to Improper Authorization. |
| 2021-12-21 | Medium | CVE-2021-24739 | Vendor: Shapedplugin; Software: Logo carousel | The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature. |
| 2021-12-20 | Waiting for details | CVE-2021-43847 | | HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. |
| 2021-11-16 | Low | CVE-2021-42337 | Vendor: AIFU; Software: Cashier acco... | |
| 2021-11-04 | Medium | CVE-2021-21693 | Vendor: Jenkins; Software: Jenkins | When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| 2021-11-01 | Medium | CVE-2021-39341 | Vendor: Optinmonster; Software: Optinmonster | The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file, which can be used to inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4. |
| 2021-10-19 | Medium | CVE-2021-38486 | | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. |
| 2021-10-15 | Medium | CVE-2021-42330 | Vendor: Xinheinformation; Software: Xinhe teachi... | |

Copyright 2022, cxsecurity.com

 
