Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27950 | 2024-03-01 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. | |||||
| CVE-2023-51692 | 2024-02-29 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | |||||
| CVE-2023-47874 | 2024-02-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6. | |||||
| CVE-2023-45244 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-02-27 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 37391. | |||||
| CVE-2023-44211 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-02-27 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2024-26138 | 2024-02-22 | N/A | 5.3 MEDIUM | ||
| The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that "there's no way to find who's having a given UUID" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading. | |||||
| CVE-2024-0595 | 1 Getawesomesupport | 1 Awesome Support | 2024-02-16 | N/A | 4.3 MEDIUM |
| The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. | |||||
| CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-02-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-1511 | 1 Snipeitapp | 1 Snipe-it | 2024-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. | |||||
| CVE-2023-40653 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-02-15 | N/A | 6.7 MEDIUM |
| In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | |||||
| CVE-2024-1122 | 1 Themewinter | 1 Eventin | 2024-02-15 | N/A | 5.3 MEDIUM |
| The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | |||||
| CVE-2024-24822 | 1 Pimcore | 1 Admin Classic Bundle | 2024-02-15 | N/A | 9.1 CRITICAL |
| Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. | |||||
| CVE-2024-1079 | 1 Ays-pro | 1 Quiz Maker | 2024-02-14 | N/A | 5.3 MEDIUM |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | |||||
| CVE-2024-1078 | 1 Ays-pro | 1 Quiz Maker | 2024-02-14 | N/A | 4.3 MEDIUM |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | |||||
| CVE-2023-6959 | 1 Motopress | 1 Getwid - Gutenberg Blocks | 2024-02-14 | N/A | 4.3 MEDIUM |
| The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings. | |||||
| CVE-2017-6564 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. | |||||
| CVE-2017-5136 | 1 Sendquick | 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more | 2024-02-14 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system. | |||||
| CVE-2017-6565 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. | |||||
| CVE-2019-16124 | 1 Youphptube | 1 Youphptube | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | |||||
| CVE-2024-1072 | 1 Seedprod | 1 Website Builder By Seedprod | 2024-02-13 | N/A | 7.5 HIGH |
| The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23. | |||||