Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-863
Total 1299 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47408 1 Fp Newsletter Project 1 Fp Newsletter 2022-12-16 N/A 9.1 CRITICAL
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
CVE-2022-23741 1 Github 1 Enterprise Server 2022-12-16 N/A 7.2 HIGH
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2022-46160 1 Enalean 1 Tuleap 2022-12-15 N/A 4.3 MEDIUM
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5.
CVE-2022-23473 1 Enalean 1 Tuleap 2022-12-15 N/A 4.3 MEDIUM
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6.
CVE-2022-45956 1 Boa 1 Boa 2022-12-15 N/A 5.3 MEDIUM
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
CVE-2022-3882 1 Wp-memory Project 1 Wp-memory 2022-12-15 N/A 6.5 MEDIUM
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-3879 1 Car Dealer Project 1 Car Dealer 2022-12-15 N/A 6.5 MEDIUM
The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-25685 1 Qualcomm 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more 2022-12-15 N/A 7.5 HIGH
Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-3881 1 Wptools Project 1 Wptools 2022-12-14 N/A 5.7 MEDIUM
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-3880 1 Antihacker Project 1 Antihacker 2022-12-14 N/A 6.5 MEDIUM
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2022-3883 1 Stopbadbots Project 1 Stopbadbots 2022-12-14 N/A 6.5 MEDIUM
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org
CVE-2021-42192 1 Konga Project 1 Konga 2022-12-14 9.0 HIGH 8.8 HIGH
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
CVE-2010-4296 3 Apple, Linux, Vmware 6 Mac Os X, Linux Kernel, Fusion and 3 more 2022-12-14 7.2 HIGH N/A
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files.
CVE-2017-12118 1 Ethereum 1 Cpp-ethereum 2022-12-14 6.8 MEDIUM 8.1 HIGH
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.
CVE-2017-12117 1 Ethereum 1 Cpp-ethereum 2022-12-14 6.8 MEDIUM 8.1 HIGH
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.
CVE-2017-12116 1 Ethereum 1 Aleth 2022-12-14 6.8 MEDIUM 8.1 HIGH
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.
CVE-2017-12115 1 Ethereum 1 Cpp-ethereum 2022-12-14 6.8 MEDIUM 8.1 HIGH
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass.
CVE-2017-12114 1 Ethereum 1 Cpp-ethereum 2022-12-14 4.3 MEDIUM 6.8 MEDIUM
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.
CVE-2017-12113 1 Ethereum 1 Cpp-ethereum 2022-12-14 6.8 MEDIUM 8.1 HIGH
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.
CVE-2017-12112 1 Ethereum 1 Cpp-ethereum 2022-12-14 6.8 MEDIUM 8.1 HIGH
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.