Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38460 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2024-10-01 | N/A | 7.8 HIGH |
| In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges | |||||
| CVE-2023-5525 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2024-10-01 | N/A | 4.3 MEDIUM |
| The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. | |||||
| CVE-2024-9025 | 1 Codesupply | 1 Sight | 2024-10-01 | N/A | 5.3 MEDIUM |
| The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to expose private, pending, trashed, and draft post titles. Successful exploitation requires the Elementor plugin to be installed and activated. | |||||
| CVE-2024-9297 | 1 Oretnom23 | 1 Railway Reservation System | 2024-10-01 | N/A | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/system_info leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-6590 | 1 Javmah | 1 Spreadsheet Integration | 2024-09-30 | N/A | 4.3 MEDIUM |
| The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 3.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit post status, edit Google sheet integrations, and create Google sheet integrations. | |||||
| CVE-2023-37492 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-28 | N/A | 6.5 MEDIUM |
| SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack. | |||||
| CVE-2023-39438 | 1 Sap | 1 Contributor License Agreement Assistant | 2024-09-28 | N/A | 8.1 HIGH |
| A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. The stored access tokens for GitHub are not affected, as these are redacted from the API-responses. | |||||
| CVE-2024-7390 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-09-27 | N/A | 5.3 MEDIUM |
| The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials. | |||||
| CVE-2024-7888 | 1 Radiustheme | 1 Classified Listing - Classified Ads \& Business Directory | 2024-09-27 | N/A | 4.3 MEDIUM |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings. | |||||
| CVE-2024-7258 | 1 Wpmarketingrobot | 1 Woocommerce Google Feed Manager | 2024-09-27 | N/A | 8.8 HIGH |
| The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |||||
| CVE-2024-8432 | 1 Webba-booking | 1 Webba Booking | 2024-09-27 | N/A | 4.3 MEDIUM |
| The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the booking form's CSS. | |||||
| CVE-2024-7622 | 1 Jetplugs | 1 Revision Manager Tmc | 2024-09-26 | N/A | 4.3 MEDIUM |
| The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to send emails with arbitrary content to any individual through the vulnerable web server. | |||||
| CVE-2023-3300 | 1 Hashicorp | 1 Nomad | 2024-09-26 | N/A | 5.3 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1. | |||||
| CVE-2023-3072 | 1 Hashicorp | 1 Nomad | 2024-09-26 | N/A | 3.8 LOW |
| HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | |||||
| CVE-2024-8480 | 1 Sirv | 1 Sirv | 2024-09-26 | N/A | 8.8 HIGH |
| The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-8369 | 1 Metagauss | 1 Eventprime | 2024-09-26 | N/A | 5.3 MEDIUM |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events. | |||||
| CVE-2024-31423 | 1 Volkov | 1 Wp Accessibility Helper | 2024-09-26 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5. | |||||
| CVE-2024-31359 | 1 Premmerce | 1 Premmerce Product Filter For Woocommerce | 2024-09-26 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2. | |||||
| CVE-2024-47337 | 2024-09-26 | N/A | N/A | ||
| Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1. | |||||
| CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-09-25 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28. | |||||