| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. |
|
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized
content, changes or deleting of content, or performing unauthorized functions when tampering
the Device File Transfer settings on DCE endpoints.
Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
|
| Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. |
| In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058 |
