Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 32088 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8422 1 Zohocorp 1 Manageengine Remote Access Plus 2025-05-30 4.0 MEDIUM 4.3 MEDIUM
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
CVE-2020-28918 1 Deepnetsecurity 1 Dualshield 2025-05-30 5.0 MEDIUM 5.3 MEDIUM
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
CVE-2020-28406 1 Iris 1 Star Practice Management 2025-05-30 4.0 MEDIUM 6.5 MEDIUM
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.
CVE-2020-28405 1 Iris 1 Star Practice Management 2025-05-30 6.5 MEDIUM 8.8 HIGH
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.
CVE-2020-28404 1 Iris 1 Star Practice Management 2025-05-30 4.0 MEDIUM 6.5 MEDIUM
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
CVE-2020-28402 1 Iris 1 Star Practice Management 2025-05-30 6.5 MEDIUM 5.4 MEDIUM
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
CVE-2020-28401 1 Iris 1 Star Practice Management 2025-05-30 4.0 MEDIUM 6.5 MEDIUM
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
CVE-2020-26167 1 Thedaylightstudio 1 Fuel Cms 2025-05-30 10.0 HIGH 9.8 CRITICAL
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVE-2020-15595 1 Zohocorp 1 Manageengine Application Control Plus 2025-05-30 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
CVE-2019-7162 1 Zohocorp 1 Manageengine Adselfservice Plus 2025-05-30 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
CVE-2019-6515 1 Wso2 1 Api Manager 2025-05-30 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
CVE-2023-7252 1 Tickera 1 Tickera 2025-05-30 N/A 5.3 MEDIUM
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.
CVE-2023-31728 1 Teltonika-networks 2 Rut240, Rut240 Firmware 2025-05-30 N/A 7.0 HIGH
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.
CVE-2024-23985 1 Ezhometech 1 Ezserver 2025-05-30 N/A 7.5 HIGH
EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
CVE-2024-23901 1 Jenkins 1 Github Branch Source 2025-05-30 N/A 6.5 MEDIUM
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.
CVE-2024-23770 1 Unix4lyfe 1 Darkhttpd 2025-05-30 N/A 5.5 MEDIUM
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
CVE-2024-23730 1 Llamahub 1 Llamahub 2025-05-30 N/A 9.8 CRITICAL
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.
CVE-2024-23348 1 Appleple 1 A-blog Cms 2025-05-30 N/A 8.8 HIGH
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
CVE-2024-23215 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-30 N/A 5.5 MEDIUM
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.
CVE-2024-23212 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-30 N/A 7.8 HIGH
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges.