Total
3274 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20899 | 1 Vmware | 2 Sd-wan Edge, Sd-wan Edge Firmware | 2024-11-14 | 7.5 High |
VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | ||||
CVE-2023-52713 | 2024-11-14 | 7.7 High | ||
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
CVE-2024-43088 | 1 Google | 1 Android | 2024-11-14 | 8.4 High |
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-43087 | 1 Google | 1 Android | 2024-11-14 | 8.4 High |
In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2024-34719 | 1 Google | 1 Android | 2024-11-14 | 8.4 High |
In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-52383 | 2024-11-14 | 7.5 High | ||
Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2. | ||||
CVE-2024-52382 | 2024-11-14 | 9.8 Critical | ||
Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0. | ||||
CVE-2023-6598 | 1 Softaculous | 1 Speedycache | 2024-11-14 | 4.3 Medium |
The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options. | ||||
CVE-2024-52554 | 1 Jenkins | 1 Shared Library Version Override | 2024-11-13 | 8.8 High |
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection. | ||||
CVE-2024-52549 | 2024-11-13 | 4.3 Medium | ||
Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. | ||||
CVE-2024-43090 | 2024-11-13 | 5 Medium | ||
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. | ||||
CVE-2022-41786 | 1 Wpjobportal | 1 Wp Job Portal | 2024-11-13 | 5.4 Medium |
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. | ||||
CVE-2024-10529 | 1 Kognetiks | 1 Chatbot | 2024-11-13 | 5.3 Medium |
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants. | ||||
CVE-2024-10802 | 1 Hashthemes | 1 Hash Elements | 2024-11-13 | 5.3 Medium |
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users. | ||||
CVE-2020-3443 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-11-13 | 8.8 High |
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization of the System Operator role capabilities. An attacker could exploit this vulnerability by logging in with the System Operator role, performing a series of actions, and then assuming a new higher privileged role. A successful exploit could allow the attacker to perform all actions associated with the privilege of the assumed role. If that role is an administrative role, the attacker would gain full access to the device. | ||||
CVE-2020-3394 | 1 Cisco | 65 Nexus 3016, Nexus 3048, Nexus 3064 and 62 more | 2024-11-13 | 7.8 High |
A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attacker would need to have valid credentials for the affected device. The vulnerability is due to a logic error in the implementation of the enable command. An attacker could exploit this vulnerability by logging in to the device and issuing the enable command. A successful exploit could allow the attacker to gain full administrative privileges without using the enable password. Note: The Enable Secret feature is disabled by default. | ||||
CVE-2020-3524 | 1 Cisco | 26 4221 Integrated Services Router, 4331 Integrated Services Router, 4431 Integrated Services Router and 23 more | 2024-11-13 | 6.8 Medium |
A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. | ||||
CVE-2020-3400 | 1 Cisco | 1 Ios Xe | 2024-11-13 | 8.8 High |
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user. | ||||
CVE-2024-9578 | 1 Wp Puzzle | 1 Hide Links | 2024-11-13 | 5.3 Medium |
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site. | ||||
CVE-2024-8001 | 1 Viwis | 1 Lms | 2024-11-13 | 5.3 Medium |
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue. |