Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43885 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2023-11-16 | N/A | 8.1 HIGH |
| Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. | |||||
| CVE-2020-7343 | 1 Mcafee | 1 Agent | 2023-11-16 | 2.1 LOW | 5.5 MEDIUM |
| Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. | |||||
| CVE-2023-5506 | 1 Imagemapper Project | 1 Imagemapper | 2023-11-14 | N/A | 4.3 MEDIUM |
| The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages. | |||||
| CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System | 2023-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. | |||||
| CVE-2023-5454 | 1 Templately | 1 Templately | 2023-11-14 | N/A | 7.5 HIGH |
| The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | |||||
| CVE-2023-26035 | 1 Zoneminder | 1 Zoneminder | 2023-11-14 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. | |||||
| CVE-2022-41246 | 1 Jenkins | 1 Worksoft Execution Manager | 2023-11-13 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2022-43421 | 1 Jenkins | 1 Tuleap Git Branch Source | 2023-11-13 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | |||||
| CVE-2022-45385 | 1 Jenkins | 1 Cloudbees Docker Hub\/registry Notification | 2023-11-13 | N/A | 7.5 HIGH |
| A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-46352 | 1 Smartmodules | 1 Facebookconversiontrackingplus | 2023-11-10 | N/A | 7.5 HIGH |
| In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email. | |||||
| CVE-2023-43194 | 1 Rcos | 1 Submitty | 2023-11-10 | N/A | 5.3 MEDIUM |
| Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. | |||||
| CVE-2023-36621 | 1 Nationaledtech | 1 Boomerang | 2023-11-09 | N/A | 9.1 CRITICAL |
| An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. | |||||
| CVE-2022-2461 | 1 Transposh | 1 Transposh Wordpress Translation | 2023-11-09 | N/A | 5.3 MEDIUM |
| The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site. | |||||
| CVE-2023-4198 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-11-08 | N/A | 6.5 MEDIUM |
| Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data | |||||
| CVE-2023-42631 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42632 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42633 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42634 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42640 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-5862 | 1 Hamza417 | 1 Inure | 2023-11-08 | N/A | 3.3 LOW |
| Missing Authorization in GitHub repository hamza417/inure prior to Build95. | |||||