| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. |
| Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. |
| Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. |
| An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. |
| A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. |
| An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. |
| Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController |
