| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint |
| Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9. |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. |
| Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. |
| Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.
|
|
A device API
endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy
and missing authentication requirement for private IPs, a remote attacker on
the same network as the device could obtain device information by convincing a
victim user to visit an attacker-controlled server and issue a cross-site
request.
This issue affects
My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My
Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126;
ibi Web App: before 4.26.0-6126.
|
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. |
