Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26521 | 2024-06-04 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104. | |||||
| CVE-2023-28492 | 2024-06-04 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10. | |||||
| CVE-2023-28494 | 2024-06-04 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31. | |||||
| CVE-2024-34803 | 2024-06-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | |||||
| CVE-2024-0570 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-05-29 | 7.5 HIGH | 9.1 CRITICAL |
| A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0569 | 1 Totolink | 2 T8, T8 Firmware | 2024-05-29 | 4.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability. | |||||
| CVE-2019-1170 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 7.2 HIGH | 7.9 HIGH |
| An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files. | |||||
| CVE-2024-35237 | 2024-05-28 | N/A | 7.5 HIGH | ||
| MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: The instance of IdentiBot is tied to a "public" Discord application—i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated. | |||||
| CVE-2024-20355 | 2024-05-22 | N/A | 5.0 MEDIUM | ||
| A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device. This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authenticate using their designated connection profile (tunnel group), intercepting the SAML SSO token that is sent back from the Cisco ASA device, and then submitting the same SAML SSO token to a different tunnel group for authentication. A successful exploit could allow the attacker to establish a remote access VPN session using a connection profile that they are not authorized to use and connect to secured networks behind the affected device that they are not authorized to access. For successful exploitation, the attacker must have valid remote access VPN user credentials. | |||||
| CVE-2024-3761 | 2024-05-20 | N/A | 9.1 CRITICAL | ||
| In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a dataset by sending a DELETE request to the endpoint. The issue was fixed in version 1.2.8. The impact of this vulnerability is significant as it permits unauthorized users to delete datasets, potentially leading to data loss or disruption of service. | |||||
| CVE-2022-45070 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. | |||||
| CVE-2024-31281 | 2024-05-17 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6. | |||||
| CVE-2023-23988 | 2024-05-17 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11. | |||||
| CVE-2023-33321 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6. | |||||
| CVE-2023-34186 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Imran Sayed Headless CMS.This issue affects Headless CMS: from n/a through 2.0.3. | |||||
| CVE-2023-32129 | 2024-05-17 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9. | |||||
| CVE-2024-32802 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32. | |||||
| CVE-2024-32692 | 2024-05-17 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9. | |||||
| CVE-2024-35173 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in PluginEver Serial Numbers for WooCommerce – License Manager.This issue affects Serial Numbers for WooCommerce – License Manager: from n/a through 1.7.3. | |||||
| CVE-2024-35174 | 2024-05-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42. | |||||