| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node.
This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device.
Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time. |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' |
| The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure. |
| Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. |
| WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they donĀ“t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. |
| In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. |
| Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. |
| In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. |
