Total
2820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2792 | 1 Emerson | 1 Electric\'s Proficy | 2024-08-03 | 6.6 Medium |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | ||||
| CVE-2022-2702 | 1 Company Website\/cms Project | 1 Company Website\/cms | 2024-08-03 | 7.3 High |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2024-08-03 | 8.8 High |
| Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. | ||||
| CVE-2022-2578 | 1 Garage Management System Project | 1 Garage Management System | 2024-08-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-2225 | 1 Cloudflare | 1 Warp | 2024-08-03 | 8.1 High |
| By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'. | ||||
| CVE-2022-2088 | 1 Smartics | 1 Smartics | 2024-08-03 | 6.8 Medium |
| An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | ||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2024-08-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | ||||
| CVE-2022-1753 | 1 Wowonder | 1 Wowonder | 2024-08-03 | 5.4 Medium |
| A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public. | ||||
| CVE-2022-1658 | 1 Artbees | 1 Jupiter | 2024-08-03 | 5.4 Medium |
| Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. | ||||
| CVE-2022-1656 | 1 Artbees | 2 Jupiter X Core, Jupiterx | 2024-08-03 | 5.4 Medium |
| Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. | ||||
| CVE-2022-1659 | 1 Artbees | 1 Jupiterx | 2024-08-03 | 5.4 Medium |
| Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. | ||||
| CVE-2022-1631 | 1 Microweber | 1 Microweber | 2024-08-03 | 8.8 High |
| Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account. | ||||
| CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-08-03 | 4.9 Medium |
| Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | ||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-08-02 | 8.8 High |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-02 | 6.5 Medium |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2024-08-02 | 5.4 Medium |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-08-02 | 6.5 Medium |
| Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0541 | 1 Flothemes | 1 Flo-launch | 2024-08-02 | 9.8 Critical |
| The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | ||||
| CVE-2022-0405 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 4.3 Medium |
| Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2024-08-02 | 6.5 Medium |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | ||||