Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30529 | 1 Tainacan | 1 Tainacan | 2024-11-05 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.7. | |||||
| CVE-2024-30544 | 1 Upqode | 1 Whizzy | 2024-11-05 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in UPQODE Whizzy.This issue affects Whizzy: from n/a through 1.1.18. | |||||
| CVE-2024-10598 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-04 | N/A | 6.5 MEDIUM |
| A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5127 | 1 Lunary | 1 Lunary | 2024-11-03 | N/A | 5.4 MEDIUM |
| In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data. | |||||
| CVE-2024-4888 | 1 Litellm | 1 Litellm | 2024-11-03 | N/A | 8.1 HIGH |
| BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files. | |||||
| CVE-2024-5248 | 1 Lunary | 1 Lunary | 2024-11-03 | N/A | 6.5 MEDIUM |
| In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict the `Prompt Editor` role to prompt management and project viewing/listing capabilities, explicitly excluding access to user information. However, the endpoint fails to enforce this restriction, allowing users with the `Prompt Editor` role to access the full list of users in the organization. This vulnerability allows unauthorized access to sensitive user information, violating the intended access controls. | |||||
| CVE-2024-38714 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through 1.68.232. | |||||
| CVE-2024-37214 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | |||||
| CVE-2024-43154 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9. | |||||
| CVE-2024-43215 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2. | |||||
| CVE-2024-37505 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9. | |||||
| CVE-2024-37506 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | |||||
| CVE-2024-38744 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0. | |||||
| CVE-2024-43212 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7. | |||||
| CVE-2024-38771 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0. | |||||
| CVE-2024-37921 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8. | |||||
| CVE-2024-38726 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33. | |||||
| CVE-2024-37456 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2. | |||||
| CVE-2024-38777 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6. | |||||
| CVE-2024-37203 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9. | |||||