Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42644 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42654 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42646 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42643 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42642 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42641 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42635 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42636 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42637 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42638 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42639 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42648 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42650 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42651 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-42652 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-11-08 | N/A | 5.5 MEDIUM |
| In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | |||||
| CVE-2023-5251 | 1 G5theme | 1 Grid Plus | 2023-11-08 | N/A | 5.4 MEDIUM |
| The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. | |||||
| CVE-2023-4606 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2023-11-07 | N/A | 8.1 HIGH |
| An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | |||||
| CVE-2023-5533 | 1 Quantumcloud | 1 Ai Chatbot | 2023-11-07 | N/A | 9.8 CRITICAL |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. | |||||
| CVE-2023-5311 | 1 Wpvnteam | 1 Wp Extra | 2023-11-07 | N/A | 8.8 HIGH |
| The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. | |||||
| CVE-2023-5132 | 1 Soisy | 1 Soisy Pagamento Rateale | 2023-11-07 | N/A | 7.5 HIGH |
| The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). | |||||