Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38504 | 1 Jetbrains | 1 Youtrack | 2024-08-23 | N/A | 5.3 MEDIUM |
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles | |||||
CVE-2024-37111 | 1 Wishlistmember | 1 Wishlist Member X | 2024-08-20 | N/A | 7.5 HIGH |
Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. | |||||
CVE-2024-37542 | 1 Wpdevart | 1 Gallery | 2024-08-20 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | |||||
CVE-2024-43401 | 1 Xwiki | 1 Xwiki | 2024-08-20 | N/A | 8.0 HIGH |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1. | |||||
CVE-2024-43326 | | | 2024-08-20 | N/A | N/A |
Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Plugin Notes Plus: from n/a through 1.2.7. | |||||
CVE-2024-43256 | | | 2024-08-19 | N/A | N/A |
Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. | |||||
CVE-2024-43247 | | | 2024-08-19 | N/A | N/A |
Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WHMpress: from n/a through 6.2-revision-5. | |||||
CVE-2024-37317 | 1 Nextcloud | 1 Notes | 2024-08-19 | N/A | 4.6 MEDIUM |
The Nextcloud Notes app is a distraction-free note-taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder to store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3. | |||||
CVE-2024-35686 | | | 2024-08-19 | N/A | N/A |
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses). This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1. | |||||
CVE-2024-37314 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-16 | N/A | 3.5 LOW |
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2. | |||||
CVE-2024-34691 | 1 Sap | 1 S/4 Hana | 2024-08-16 | N/A | 6.5 MEDIUM |
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system. | |||||
CVE-2024-6392 | 1 Sirv | 1 Sirv | 2024-08-15 | N/A | 5.4 MEDIUM |
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one. | |||||
CVE-2024-37935 | | | 2024-08-13 | N/A | N/A |
Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | |||||
CVE-2024-38699 | | | 2024-08-13 | N/A | N/A |
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | |||||
CVE-2024-34690 | 1 Sap | 1 Student Life Cycle Management | 2024-08-09 | N/A | 5.4 MEDIUM |
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application. | |||||
CVE-2024-37176 | 1 Sap | 1 Bw/4hana | 2024-08-09 | N/A | 5.4 MEDIUM |
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application. | |||||
CVE-2024-2544 | 1 Sygnoos | 1 Popup Builder | 2024-08-08 | N/A | 6.4 MEDIUM |
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks. | |||||
CVE-2024-23504 | 1 Wpmanageninja | 1 Ninja Tables | 2024-08-07 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.5. | |||||
CVE-2023-51496 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-08-07 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | |||||
CVE-2023-51497 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-08-07 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. |