CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9116 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-32061	1 Discourse	1 Discourse	2025-01-02	5.4 Medium
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other users. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. There are no known workarounds.
CVE-2023-3230	1 Fossbilling	1 Fossbilling	2025-01-02	7.5 High
Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2024-56348	1 Jetbrains	1 Teamcity	2025-01-02	4.3 Medium
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
CVE-2024-56349	1 Jetbrains	1 Teamcity	2025-01-02	5.3 Medium
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVE-2024-56350	1 Jetbrains	1 Teamcity	2025-01-02	4.3 Medium
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVE-2024-56238			2025-01-02	5.3 Medium
Missing Authorization vulnerability in QunatumCloud Floating Action Buttons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Floating Action Buttons: from n/a through 0.9.1.
CVE-2022-21894	1 Microsoft	7 Windows 10, Windows 11, Windows 8.1 and 4 more	2025-01-02	4.4 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2023-46631			2025-01-02	6.5 Medium
Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2.
CVE-2023-46635			2025-01-02	5.3 Medium
Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0.
CVE-2023-46639			2025-01-02	5.3 Medium
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5.
CVE-2023-46644			2025-01-02	6.5 Medium
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
CVE-2023-48683	1 Acronis	1 Cyber Protect Cloud Agent	2025-01-02	N/A
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
CVE-2023-45246	4 Acronis, Apple, Linux and 1 more	5 Agent, Cyber Protect Cloud Agent, Macos and 2 more	2025-01-02	7.1 High
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
CVE-2023-48739			2025-01-02	5.3 Medium
Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.
CVE-2023-46196			2025-01-02	4.3 Medium
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97.
CVE-2023-46616			2025-01-02	5.4 Medium
Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15.
CVE-2023-47557			2025-01-02	4.3 Medium
Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2.
CVE-2023-47647			2025-01-02	4.3 Medium
Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6.
CVE-2023-47661			2025-01-02	5.4 Medium
Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2.
CVE-2024-56236			2025-01-02	4.3 Medium
Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0.

« first previous Page 266 of 456. next last »