Export limit exceeded: 343465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-02-25 | 6.7 Medium |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. | ||||
| CVE-2023-28758 | 1 Veritas | 1 Netbackup | 2025-02-25 | 7.1 High |
| An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | ||||
| CVE-2023-20957 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561 | ||||
| CVE-2023-20995 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279 | ||||
| CVE-2023-25802 | 1 Roxy-wi | 1 Roxy-wi | 2025-02-25 | 7.5 High |
| Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue. | ||||
| CVE-2023-27589 | 1 Minio | 1 Minio | 2025-02-25 | 6.5 Medium |
| Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`. | ||||
| CVE-2023-28436 | 1 Tailscale | 1 Tailscale | 2025-02-25 | 5.7 Medium |
| Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. A difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules. Tailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria: the destination node was a FreeBSD device with Tailscale SSH enabled; Tailscale SSH access rules permitted access for non-root users; and a non-interactive SSH session was used. Affected users should upgrade to version 1.38.2 to remediate the issue. | ||||
| CVE-2022-48353 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 9.8 Critical |
| Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions. | ||||
| CVE-2024-22774 | 1 Panoramic Corporation | 1 Dental Imaging Software | 2025-02-21 | 7.8 High |
| An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. | ||||
| CVE-2021-45729 | 1 Srmilon | 1 Wp Google Map | 2025-02-20 | 5.4 Medium |
| The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | ||||
| CVE-2022-29444 | 1 Cloudways | 1 Breeze | 2025-02-20 | 6.5 Medium |
| Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack. | ||||
| CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2025-02-20 | 3.8 Low |
| Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. | ||||
| CVE-2022-33198 | 1 Oxilab | 1 Accordions | 2025-02-20 | 9.8 Critical |
| Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | ||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2025-02-20 | 9.8 Critical |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | ||||
| CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2025-02-20 | 6.3 Medium |
| Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | ||||
| CVE-2022-33969 | 1 Oxilab | 1 Flipbox | 2025-02-20 | 7.2 High |
| Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. | ||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2025-02-20 | 7.2 High |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | ||||
| CVE-2022-33970 | 1 Oxilab | 1 Shortcode Addons | 2025-02-20 | 7.2 High |
| Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. | ||||
| CVE-2022-25649 | 1 Storeapps | 1 Affiliate For Woocommerce | 2025-02-20 | 5 Medium |
| Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | ||||
| CVE-2022-34149 | 1 Miniorange | 1 Wp Oauth Server | 2025-02-20 | 9.8 Critical |
| Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | ||||