Total
2799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41135 | 1 Wpchill | 1 Customizable Wordpress Gallery Plugin - Modula Image Gallery | 2024-09-16 | 6.5 Medium |
| Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress. | ||||
| CVE-2020-26072 | 1 Cisco | 1 Iot Field Network Director | 2024-09-16 | 8.7 High |
| A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. | ||||
| CVE-2019-15255 | 1 Cisco | 1 Identity Services Engine | 2024-09-16 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2023-38205 | 1 Adobe | 1 Coldfusion | 2024-09-16 | 7.5 High |
| Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | ||||
| CVE-2019-6520 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 7.5 High |
| Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | ||||
| CVE-2019-12670 | 1 Cisco | 1 Ios | 2024-09-16 | 6.7 Medium |
| A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. | ||||
| CVE-2021-23173 | 1 Philips | 1 Engage | 2024-09-16 | 2.6 Low |
| The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. | ||||
| CVE-2022-1261 | 1 Honeywell | 1 Matrikon Opc Server | 2024-09-16 | 5.8 Medium |
| Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges. | ||||
| CVE-2018-4845 | 1 Siemens | 6 Rapidlab 1200, Rapidlab 1200 Firmware, Rapidpoint 400 and 3 more | 2024-09-16 | 8.8 High |
| A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. | ||||
| CVE-2020-29020 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2024-09-16 | 9.1 Critical |
| Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. | ||||
| CVE-2022-28612 | 1 Custom Popup Builder Project | 1 Custom Popup Builder | 2024-09-16 | 5.4 Medium |
| Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | ||||
| CVE-2019-3779 | 1 Cloudfoundry | 1 Container Runtime | 2024-09-16 | N/A |
| Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD. | ||||
| CVE-2021-34627 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2024-09-16 | 4.3 Medium |
| A vulnerability in the getSelectedMimeTypesByRole function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to view custom extensions added by administrators. This issue affects versions 2.2.3 and prior. | ||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2024-09-16 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||
| CVE-2022-1521 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-09-16 | 9.1 Critical |
| LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | ||||
| CVE-2019-12627 | 1 Cisco | 29 Amp 7150, Amp 8150, Firepower 7010 and 26 more | 2024-09-16 | 7.5 High |
| A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. | ||||
| CVE-2021-28798 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 8.8 High |
| A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected. | ||||
| CVE-2021-1449 | 1 Cisco | 14 1100 Integrated Services Router, Aironet 1540, Aironet 1560 and 11 more | 2024-09-16 | 6.7 Medium |
| A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. | ||||
| CVE-2021-36913 | 1 Redirection-for-contact-form7 | 1 Redirection For Contact Form 7 | 2024-09-16 | 7.5 High |
| Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe. | ||||
| CVE-2021-36775 | 1 Rancher | 1 Rancher | 2024-09-16 | 8.8 High |
| a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | ||||