Total
2078 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42541 | 1 Samsung | 1 Push Service | 2025-03-06 | 4 Medium |
| Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | ||||
| CVE-2023-3814 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-03-06 | 4.9 Medium |
| The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server. | ||||
| CVE-2023-0328 | 1 Wpcode | 1 Wpcode | 2025-03-06 | 4.3 Medium |
| The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). | ||||
| CVE-2025-2045 | 1 Gitlab | 1 Gitlab | 2025-03-06 | 4.3 Medium |
| Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data. | ||||
| CVE-2025-27645 | 2025-03-05 | 9.8 Critical | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005. | ||||
| CVE-2023-22891 | 1 Smartbear | 1 Zephyr Enterprise | 2025-03-05 | 8.1 High |
| There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | ||||
| CVE-2023-26056 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 5.4 Medium |
| XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue. | ||||
| CVE-2025-2003 | 2025-03-05 | 7.1 High | ||
| Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission. | ||||
| CVE-2023-22251 | 1 Adobe | 2 Commerce, Magento Open Source | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure. | ||||
| CVE-2023-22248 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 7.5 High |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to leak another user's data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-29288 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-29295 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-29296 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 4.3 Medium |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-39352 | 1 Synology | 4 Bc500, Bc500 Firmware, Tc500 and 1 more | 2025-03-04 | 4.9 Medium |
| A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | ||||
| CVE-2022-4315 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-03-04 | 5 Medium |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | ||||
| CVE-2023-24999 | 2 Hashicorp, Redhat | 2 Vault, Openshift Data Foundation | 2025-03-03 | 4.4 Medium |
| HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. | ||||
| CVE-2023-25548 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-03-03 | 8.8 High |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-4997 | 1 Prointegra | 1 Uptimedc | 2025-03-03 | 8.8 High |
| Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | ||||
| CVE-2023-21719 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2023-27903 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift | 2025-02-28 | 4.4 Medium |
| Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. | ||||