Filtered by vendor
Subscriptions
Total
799 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4811 | 1 Usememos | 1 Memos | 2024-11-21 | 8.3 High |
Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1. | ||||
CVE-2022-4806 | 1 Usememos | 1 Memos | 2024-11-21 | 5.3 Medium |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4803 | 1 Usememos | 1 Memos | 2024-11-21 | 8.8 High |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4802 | 1 Usememos | 1 Memos | 2024-11-21 | 5.4 Medium |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4799 | 1 Usememos | 1 Memos | 2024-11-21 | 6.5 Medium |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4798 | 1 Usememos | 1 Memos | 2024-11-21 | 5.3 Medium |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
CVE-2022-4686 | 1 Usememos | 1 Memos | 2024-11-21 | 9.8 Critical |
Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | ||||
CVE-2022-4505 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
CVE-2022-4097 | 1 Updraftplus | 1 All-in-one Security | 2024-11-21 | 5.3 Medium |
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | ||||
CVE-2022-46179 | 1 Liuos Project | 1 Liuos | 2024-11-21 | 9.2 Critical |
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to "" (no quotes) to null the variable and force credential checks. | ||||
CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2024-11-21 | 8.8 High |
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. | ||||
CVE-2022-44005 | 1 Backclick | 1 Backclick | 2024-11-21 | 5.3 Medium |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent. | ||||
CVE-2022-43450 | 1 Xwp | 1 Stream | 2024-11-21 | 4.3 Medium |
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | ||||
CVE-2022-43326 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2024-11-21 | 7.5 High |
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords. | ||||
CVE-2022-42129 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.3 Medium |
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. | ||||
CVE-2022-41479 | 1 Devexpress | 1 Asp.net Web Forms Controls | 2024-11-21 | 7.5 High |
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. NOTE: the vendor disputes this because the retrieved source code is only the DevExpress client-side application code that is, of course, intentionally readable by web browsers (a site's custom code and data is never accessible via an IDOR approach). | ||||
CVE-2022-40319 | 1 Lsoft | 1 Listserv | 2024-11-21 | 7.5 High |
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account. | ||||
CVE-2022-3876 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability. | ||||
CVE-2022-3589 | 1 Miele | 1 Appwash | 2024-11-21 | 8.1 High |
An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write access to other users data by modifying a small part of a HTTP request sent to the API. Reading or changing the password of another user was not possible, thus no impact to Availability. | ||||
CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. |