Export limit exceeded: 11862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-0641 1 Google 1 Android 2026-02-25 5.5 Medium
In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454
CVE-2024-47183 2 Parse Community, Parseplatform 2 Parse Server, Parse-server 2026-02-25 8.1 High
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0.
CVE-2023-33071 1 Qualcomm 26 Qca6574, Qca6574 Firmware, Qca6574a and 23 more 2026-02-25 8.4 High
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
CVE-2022-31595 1 Sap 1 Adaptive Server Enterprise 2026-02-25 8.8 High
SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2022-2732 1 Open-emr 1 Openemr 2026-02-25 8.3 High
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2021-26040 1 Joomla 1 Joomla\! 2026-02-25 9.1 Critical
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
CVE-2021-23123 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.
CVE-2021-26027 1 Joomla 1 Joomla\! 2026-02-25 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2022-1223 1 Phpipam 1 Phpipam 2026-02-24 6.5 Medium
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-0762 1 Microweber 1 Microweber 2026-02-24 5.5 Medium
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0611 1 Snipeitapp 1 Snipe-it 2026-02-24 6.3 Medium
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
CVE-2022-0588 1 Librenms 1 Librenms 2026-02-24 7.1 High
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0580 1 Librenms 1 Librenms 2026-02-24 7.1 High
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0579 1 Snipeitapp 1 Snipe-it 2026-02-24 6.5 Medium
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
CVE-2022-0178 1 Snipeitapp 1 Snipe-it 2026-02-24 6.3 Medium
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
CVE-2025-11581 1 Powerjob 1 Powerjob 2026-02-24 5.3 Medium
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-11580 1 Powerjob 1 Powerjob 2026-02-24 5.3 Medium
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-15390 1 Phpgurukul 1 Small Crm 2026-02-24 6.3 Medium
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2025-12925 1 Rymcu 1 Forest 2026-02-24 7.3 High
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
CVE-2025-12924 1 Rymcu 1 Forest 2026-02-24 4.3 Medium
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.