Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2382 | 1 Shapedplugin | 1 Product Slider For Woocommerce | 2023-06-30 | N/A | 4.3 MEDIUM |
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options. | |||||
CVE-2023-21173 | 1 Google | 1 Android | 2023-06-30 | N/A | 5.5 MEDIUM |
In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262741858 | |||||
CVE-2023-34165 | 1 Huawei | 1 Harmonyos | 2023-06-30 | N/A | 5.3 MEDIUM |
Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | |||||
CVE-2023-21149 | 1 Google | 1 Android | 2023-06-30 | N/A | 7.8 HIGH |
In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-270050709. References: N/A | |||||
CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2023-06-29 | 5.0 MEDIUM | 7.5 HIGH |
Missing caller check in SmartThings prior to version 1.7.85.12 allows an attacker to access sensitive information remotely using the JavaScript interface API. | |||||
CVE-2022-0756 | 1 Salesagility | 1 Suitecrm | 2023-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | |||||
CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2023-06-29 | 4.0 MEDIUM | 4.3 MEDIUM |
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | |||||
CVE-2022-0871 | 1 Gogs | 1 Gogs | 2023-06-29 | 5.8 MEDIUM | 9.1 CRITICAL |
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | |||||
CVE-2022-0932 | 1 Saleor | 1 Saleor | 2023-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. | |||||
CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2023-06-29 | 5.5 MEDIUM | 5.4 MEDIUM |
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | |||||
CVE-2022-0905 | 1 Gitea | 1 Gitea | 2023-06-29 | 5.5 MEDIUM | 7.1 HIGH |
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | |||||
CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2023-06-29 | 4.9 MEDIUM | 5.4 MEDIUM |
snipe-it is vulnerable to Missing Authorization | |||||
CVE-2023-35093 | 1 Stylemixthemes | 1 Masterstudy Lms | 2023-06-28 | N/A | 6.5 MEDIUM |
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in user, such as a subscriber, to view the "Orders" of the plugin and get the data related to the order, like email, username, and more. | |||||
CVE-2022-23642 | 1 Sourcegraph | 1 Sourcegraph | 2023-06-27 | 6.0 MEDIUM | 8.8 HIGH |
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected. | |||||
CVE-2022-39340 | 1 Openfga | 1 Openfga | 2023-06-27 | N/A | 5.3 MEDIUM |
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue. | |||||
CVE-2022-46850 | 1 Easy Media Replace Project | 1 Easy Media Replace | 2023-06-27 | N/A | 8.1 HIGH |
Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | |||||
CVE-2022-48491 | 1 Huawei | 1 Emui | 2023-06-27 | N/A | 5.3 MEDIUM |
Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows being displayed at any time. | |||||
CVE-2021-25519 | 1 Google | 1 Android | 2023-06-26 | 2.1 LOW | 3.3 LOW |
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | |||||
CVE-2021-26637 | 1 Shinasys | 6 Sihas Acm-300, Sihas Acm-300 Firmware, Sihas Gcm-300 and 3 more | 2023-06-26 | 7.5 HIGH | 9.8 CRITICAL |
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device. | |||||
CVE-2023-2787 | 1 Mattermost | 1 Mattermost | 2023-06-26 | N/A | 6.5 MEDIUM |
Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | |||||