| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. |
| Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324. |
| SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. |
| Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds. |
| Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. |
| In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents |
| In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs |
| In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects |
| Missing Authorization vulnerability in QunatumCloud Floating Action Buttons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Floating Action Buttons: from n/a through 0.9.1. |
| Secure Boot Security Feature Bypass Vulnerability |
| Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2. |
| Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0. |
| Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5. |
| Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8. |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. |
| Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a before 2.12.1. |
| Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97. |
| Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15. |
| Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2. |
