Total
3964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20315 | 1 Cisco | 1 Ios Xr Software | 2025-04-15 | 5.8 Medium |
| A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL. | ||||
| CVE-2022-44565 | 1 Ui | 12 Airfiber 60, Airfiber 60-hd, Airfiber 60-hd Firmware and 9 more | 2025-04-15 | 5.3 Medium |
| An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device. | ||||
| CVE-2022-1753 | 1 Wowonder | 1 Wowonder | 2025-04-15 | 5.4 Medium |
| A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public. | ||||
| CVE-2017-20066 | 1 Adminer Login Project | 1 Adminer Login | 2025-04-15 | 5.3 Medium |
| A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-44014 | 1 Simmeth | 1 Lieferantenmanager | 2025-04-15 | 6.5 Medium |
| An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab. | ||||
| CVE-2022-2578 | 1 Garage Management System Project | 1 Garage Management System | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-23513 | 1 Pi-hole | 1 Adminlte | 2025-04-15 | 5.3 Medium |
| Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. | ||||
| CVE-2022-4087 | 1 Ipxe | 1 Ipxe | 2025-04-15 | 2.6 Low |
| A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-36790 | 1 Microsoft | 1 Windows Server 2008 | 2025-04-14 | 7.8 High |
| Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-36561 | 1 Microsoft | 1 Azure Devops Server | 2025-04-14 | 7.3 High |
| Azure DevOps Server Elevation of Privilege Vulnerability | ||||
| CVE-2023-36722 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-14 | 4.4 Medium |
| Active Directory Domain Services Information Disclosure Vulnerability | ||||
| CVE-2023-36725 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-14 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-41772 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-14 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2022-41317 | 1 Squid-cache | 1 Squid | 2025-04-14 | 6.5 Medium |
| An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. | ||||
| CVE-2022-41654 | 1 Ghost | 1 Ghost | 2025-04-14 | 4.3 Medium |
| An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-4567 | 1 Open-emr | 1 Openemr | 2025-04-14 | 8.1 High |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2021-4201 | 1 Forgerock | 1 Access Management | 2025-04-14 | 9.6 Critical |
| Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions. | ||||
| CVE-2022-2702 | 1 Company Website\/cms Project | 1 Company Website\/cms | 2025-04-14 | 7.3 High |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4229 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. | ||||
| CVE-2022-45778 | 1 Hillstonenet | 8 Sc-6000-wv02, Sc-6000-wv02 Firmware, Sc-6000-wv04 and 5 more | 2025-04-14 | 9.8 Critical |
| https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m. | ||||