Vulnerabilities (CVE)

Filtered by CWE-862
Total 4572 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-32144 1 Welcart 1 Welcart E-commerce 2024-08-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.14.
CVE-2024-34753 1 Softlabbd 1 Radio Player 2024-08-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73.
CVE-2024-34819 1 Moreconvert 1 Woocommerce Wishlist 2024-08-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist. This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.
CVE-2024-34821 1 Contactlistpro 1 Contact List 2024-08-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin. This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.
CVE-2024-23503 1 Wpmanageninja 1 Ninja Tables 2024-08-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.6.
CVE-2024-34822 1 Wedevs 1 Wemail 2024-08-07 N/A 5.3 MEDIUM
Missing Authorization vulnerability in weDevs weMail. This issue affects weMail: from n/a through 1.14.2.
CVE-2023-6696 1 Sygnoos 1 Popup Builder 2024-08-06 N/A 8.1 HIGH
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions, including deleting subscribers and performing blind Server-Side Request Forgery.
CVE-2024-4788 1 Woostify 1 Boostify Header Footer Builder For Elementor 2024-08-05 N/A 4.3 MEDIUM
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages or posts with arbitrary content.
CVE-2020-11967 1 Evenroute 2 Iqrouter, Iqrouter Firmware 2024-08-04 9.0 HIGH 9.8 CRITICAL
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
CVE-2021-41554 1 Archibus 1 Web Central 2024-08-04 6.5 MEDIUM 8.8 HIGH
ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020
CVE-2021-28154 1 Camunda 1 Modeler 2024-08-03 6.4 MEDIUM 9.1 CRITICAL
Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed.
CVE-2022-3007 1 Syska 2 Sw100 Smartwatch, Sw100 Smartwatch Firmware 2024-08-03 N/A 8.1 HIGH
The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.
CVE-2024-36995 1 Splunk 2 Splunk, Splunk Cloud Platform 2024-08-02 N/A 3.5 LOW
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
CVE-2023-6394 2 Quarkus, Redhat 2 Quarkus, Build Of Quarkus 2024-08-02 N/A 9.1 CRITICAL
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.
CVE-2022-45832 1 Hennessey 1 Attorney 2024-07-31 N/A 9.8 CRITICAL
Missing Authorization vulnerability in Hennessey Digital Attorney. This issue affects Attorney: from n/a through 3.
CVE-2023-36515 1 Thimpress 1 Learnpress 2024-07-31 N/A 9.8 CRITICAL
Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3.
CVE-2023-36516 1 Thimpress 1 Learnpress 2024-07-31 N/A 8.8 HIGH
Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3.
CVE-2023-38394 1 Artbees 1 Jupiter X Core 2024-07-31 N/A 8.8 HIGH
Missing Authorization vulnerability in Artbees JupiterX Core. This issue affects JupiterX Core: from 3.0.0 through 3.3.0.
CVE-2023-38393 1 Ninjaforms 1 Ninja Forms 2024-07-31 N/A 8.8 HIGH
Missing Authorization vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.6.25.
CVE-2024-34444 1 Themepunch 1 Slider Revolution 2024-07-31 N/A 8.8 HIGH
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before 6.7.0.