Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49003 | 1 Simplemobiletools | 1 Simple Dialer | 2024-01-04 | N/A | 5.3 MEDIUM |
| An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. | |||||
| CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-04 | N/A | 8.8 HIGH |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | |||||
| CVE-2022-2389 | 1 Funnelkit | 1 Funnelkit Automations | 2024-01-04 | N/A | 4.3 MEDIUM |
| The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations | |||||
| CVE-2023-51650 | 1 Dromara | 1 Hertzbeat | 2024-01-03 | N/A | 7.5 HIGH |
| Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue. | |||||
| CVE-2020-0989 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-12-31 | 2.1 LOW | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files.</p> <p>The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.</p> | |||||
| CVE-2023-5056 | 1 Redhat | 2 Enterprise Linux, Service Interconnect | 2023-12-29 | N/A | 4.1 MEDIUM |
| A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview. | |||||
| CVE-2023-22674 | 1 Halgatewood | 1 Dashicons \+ Custom Post Types | 2023-12-29 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.This issue affects Dashicons + Custom Post Types: from n/a through 1.0.2. | |||||
| CVE-2023-25715 | 1 Gamipress | 1 Gamipress | 2023-12-28 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | |||||
| CVE-2023-50976 | 1 Redpanda | 1 Redpanda | 2023-12-22 | N/A | 9.8 CRITICAL |
| Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | |||||
| CVE-2023-46212 | 1 Wpvnteam | 1 Wp Extra | 2023-12-22 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2. | |||||
| CVE-2023-47754 | 1 Cleverplugins | 1 Delete Duplicate Posts | 2023-12-22 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9. | |||||
| CVE-2023-48751 | 1 Xnau | 1 Participants Database | 2023-12-22 | N/A | 8.8 HIGH |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5. | |||||
| CVE-2021-39232 | 1 Apache | 1 Ozone | 2023-12-22 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins. | |||||
| CVE-2021-39236 | 1 Apache | 1 Ozone | 2023-12-22 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user. | |||||
| CVE-2022-27209 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2023-12-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-28134 | 1 Jenkins | 1 Bitbucket Server Integration | 2023-12-22 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers. | |||||
| CVE-2022-27215 | 1 Jenkins | 1 Release Helper | 2023-12-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2022-29051 | 1 Jenkins | 1 Publish Over Ftp | 2023-12-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. | |||||
| CVE-2022-28137 | 1 Jenkins | 1 Jiratestresultreporter | 2023-12-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2023-6394 | 2 Quarkus, Redhat | 2 Quarkus, Build Of Quarkus | 2023-12-20 | N/A | 9.1 CRITICAL |
| A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. | |||||