Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2024-04-23 | N/A | 6.8 MEDIUM |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2024-32656 | 2024-04-23 | N/A | 7.8 HIGH | ||
| Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file. | |||||
| CVE-2024-32684 | 2024-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | |||||
| CVE-2024-32682 | 2024-04-22 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |||||
| CVE-2024-32691 | 2024-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. | |||||
| CVE-2024-32688 | 2024-04-22 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0. | |||||
| CVE-2024-32681 | 2024-04-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |||||
| CVE-2024-32687 | 2024-04-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3. | |||||
| CVE-2024-32466 | 2024-04-18 | N/A | 2.7 LOW | ||
| Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to `translation.view`. This vulnerability is fixed in v3.57.2 | |||||
| CVE-2024-32142 | 2024-04-18 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0. | |||||
| CVE-2024-32689 | 2024-04-18 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3. | |||||
| CVE-2024-32601 | 2024-04-18 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8. | |||||
| CVE-2023-49742 | 2024-04-18 | N/A | 9.9 CRITICAL | ||
| Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3. | |||||
| CVE-2023-45000 | 2024-04-17 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.This issue affects LiteSpeed Cache: from n/a through 5.7. | |||||
| CVE-2024-32455 | 2024-04-17 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2. | |||||
| CVE-2024-25911 | 2024-04-17 | N/A | 8.6 HIGH | ||
| Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||||
| CVE-2023-51500 | 2024-04-17 | N/A | 7.7 HIGH | ||
| Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8. | |||||
| CVE-2024-32509 | 2024-04-17 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76. | |||||
| CVE-2024-32520 | 2024-04-17 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2. | |||||
| CVE-2024-32524 | 2024-04-17 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. | |||||