Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43940 | 1 Zynith | 1 Zynith | 2024-10-10 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Z Y N I T H: from n/a through 7.4.9. | |||||
CVE-2024-43939 | 1 Zynith | 1 Zynith | 2024-10-10 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Z Y N I T H: from n/a through 7.4.9. | |||||
CVE-2024-8431 | | | 2024-10-10 | N/A | 4.3 MEDIUM |
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles. | |||||
CVE-2023-21133 | 1 Google | 1 Android | 2024-10-09 | N/A | 6.8 MEDIUM |
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21132 | 1 Google | 1 Android | 2024-10-09 | N/A | 6.8 MEDIUM |
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21134 | 1 Google | 1 Android | 2024-10-09 | N/A | 6.8 MEDIUM |
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21140 | 1 Google | 1 Android | 2024-10-09 | N/A | 6.8 MEDIUM |
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-23639 | 1 Mainwp | 1 Staging Extension | 2024-10-09 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in MainWP MainWP Staging Extension. This issue affects MainWP Staging Extension: from n/a through 4.0.3. | |||||
CVE-2024-31098 | 1 Mrebabi | 1 New Order Notification For Woocommerce | 2024-10-09 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce. This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2. | |||||
CVE-2024-30467 | 1 Wpdeveloper | 1 Essential Blocks | 2024-10-08 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg. This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9. | |||||
CVE-2024-30466 | 1 Onthegosystems | 1 Woocommerce Multilingual & Multicurrency | 2024-10-08 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | |||||
CVE-2024-30470 | 1 Yithemes | 1 Woocommerce Account Funds | 2024-10-08 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium. This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. | |||||
CVE-2024-20477 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-08 | N/A | 5.4 MEDIUM |
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. | |||||
CVE-2024-20438 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-08 | N/A | 5.4 MEDIUM |
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | |||||
CVE-2024-20442 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-07 | N/A | 5.4 MEDIUM |
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | |||||
CVE-2024-30515 | 1 Pixelite | 1 Events Manager | 2024-10-07 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.6.4. | |||||
CVE-2024-30517 | 1 Slicedinvoices | 1 Sliced Invoices | 2024-10-07 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.2. | |||||
CVE-2024-6845 | 1 Smartsearchwp | 1 Smartsearchwp | 2024-10-07 | N/A | 5.3 MEDIUM |
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. | |||||
CVE-2024-30512 | 1 Weformspro | 1 Weforms | 2024-10-07 | N/A | 9.1 CRITICAL |
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.20. | |||||
CVE-2024-30485 | 1 Xlplugins | 1 Finale | 2024-10-07 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in XLPlugins Finale Lite. This issue affects Finale Lite: from n/a through 2.18.0. |