Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3,
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was o
Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Escalation. An API key created with read-only permissions (domain: "api", re
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed a user with read access to a repository and write access to a project to modify issue and pull request m
Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01.
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.
An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3
CVE-2024-43322
CRITICAL CVSS 9.8
Find Similar
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.
Authorization Bypass Through User-Controlled Key vulnerability in DevItems Support Genix support-genix-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects S
A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argumen
Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.
Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646
Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19.
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authent
A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads