Total: 2641 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2024-01-26 | N/A | 6.5 MEDIUM |
| The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | |||||
| CVE-2009-2282 | 1 Oracle | 2 Opensolaris, Solaris | 2024-01-26 | 4.6 MEDIUM | N/A |
| The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. | |||||
| CVE-2009-3168 | 1 Mevin | 1 Basic Php Events Lister | 2024-01-25 | 6.5 MEDIUM | N/A |
| Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request. | |||||
| CVE-2023-20252 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-01-25 | N/A | 9.8 CRITICAL |
| A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | |||||
| CVE-2022-20941 | 1 Cisco | 1 Firepower Management Center | 2024-01-25 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. | |||||
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-01-25 | N/A | 8.3 HIGH |
| Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||||
| CVE-2023-48339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-01-25 | N/A | 4.4 MEDIUM |
| In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed. | |||||
| CVE-2022-41790 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-01-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | |||||
| CVE-2023-23896 | 1 Mythemeshop | 1 Url Shortener | 2024-01-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop. This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17. | |||||
| CVE-2022-40203 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-01-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | |||||
| CVE-2022-36418 | 1 Dcgws | 1 Hreflang Tags Lite | 2024-01-24 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through 2.0.0. | |||||
| CVE-2022-38141 | 1 Zorem | 1 Sales Report Email For Woocommerce | 2024-01-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. | |||||
| CVE-2023-34379 | 1 Magneticone | 1 Magento To Woocommerce Migration | 2024-01-24 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration. This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||||
| CVE-2022-40702 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-01-24 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||||
| CVE-2023-23882 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2024-01-24 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | |||||
| CVE-2022-42884 | 1 Themeinprogress | 1 Wip Custom Login | 2024-01-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in ThemeinProgress WIP Custom Login. This issue affects WIP Custom Login: from n/a through 1.2.7. | |||||
| CVE-2022-41786 | 1 Wpjobportal | 1 Wp Job Portal | 2024-01-24 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. | |||||
| CVE-2022-23180 | 1 Themehunk | 1 Contact Form & Lead Form Elementor Builder | 2024-01-24 | N/A | 4.3 MEDIUM |
| The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings. | |||||
| CVE-2022-41695 | 1 Sedlex | 1 Traffic Manager | 2024-01-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in SedLex Traffic Manager. This issue affects Traffic Manager: from n/a through 1.4.5. | |||||
| CVE-2022-41619 | 1 Sedlex | 1 Image Zoom | 2024-01-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in SedLex Image Zoom. This issue affects Image Zoom: from n/a through 1.8.8. | |||||
