Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2023-12-28 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | |||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2023-12-28 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | |||||
| CVE-2021-38624 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | |||||
| CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2023-12-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | |||||
| CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2023-12-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | |||||
| CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2023-12-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | |||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2023-12-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | |||||
| CVE-2023-46446 | 1 Asyncssh Project | 1 Asyncssh | 2023-12-22 | N/A | 6.8 MEDIUM |
| An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | |||||
| CVE-2023-44249 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-21 | N/A | 6.5 MEDIUM |
| An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | |||||
| CVE-2023-46701 | 1 Mattermost | 1 Mattermost Server | 2023-12-14 | N/A | 5.3 MEDIUM |
| Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID | |||||
| CVE-2023-6341 | 1 Catalisgov | 1 Cms360 | 2023-12-08 | N/A | 5.3 MEDIUM |
| Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. | |||||
| CVE-2023-6226 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2023-12-04 | N/A | 4.3 MEDIUM |
| The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin. | |||||
| CVE-2023-33706 | 1 Sysaid | 1 Sysaid | 2023-11-30 | N/A | 6.5 MEDIUM |
| SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | |||||
| CVE-2023-38884 | 1 Os4ed | 1 Opensis | 2023-11-30 | N/A | 7.5 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | |||||
| CVE-2023-47316 | 1 H-mdm | 1 Headwind Mdm | 2023-11-30 | N/A | 5.4 MEDIUM |
| Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls. | |||||
| CVE-2023-43900 | 1 Emsigner | 1 Emsigner | 2023-11-17 | N/A | 6.5 MEDIUM |
| Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters. | |||||
| CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-11-15 | N/A | 5.4 MEDIUM |
| Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | |||||
| CVE-2022-29008 | 1 Phpgurukul | 1 Bus Pass Management System | 2023-11-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | |||||
| CVE-2023-43668 | 1 Apache | 1 Inlong | 2023-11-14 | N/A | 9.8 CRITICAL |
| Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604 | |||||
| CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2023-11-13 | N/A | 9.8 CRITICAL |
| Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | |||||