Total
3285 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-51500 | | | 2024-08-02 | 7.7 High |
Missing Authorization vulnerability in Undsgn Uncode Core. This issue affects Uncode Core: from n/a through 2.8.8. | ||||
CVE-2023-51499 | | | 2024-08-02 | 4.3 Medium |
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product. This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4. | ||||
CVE-2023-51498 | | | 2024-08-02 | 5.3 Medium |
Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping. This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3. | ||||
CVE-2023-51418 | | | 2024-08-02 | 7.7 High |
Missing Authorization vulnerability in Joris van Montfort JVM rich text icons. This issue affects JVM rich text icons: from n/a through 1.2.6. | ||||
CVE-2023-51413 | | | 2024-08-02 | 5.3 Medium |
Missing Authorization vulnerability in Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.29. | ||||
CVE-2023-51375 | 1 Wpdeveloper | 1 Embedpress | 2024-08-02 | 4.3 Medium |
Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3. | ||||
CVE-2023-51376 | 1 Brainstormforce | 1 Surefeedback | 2024-08-02 | 4.3 Medium |
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | ||||
CVE-2023-50976 | 1 Redpanda | 1 Redpanda | 2024-08-02 | 9.8 Critical |
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | ||||
CVE-2023-50779 | 1 Jenkins | 1 Paaslane Estimate | 2024-08-02 | 4.3 Medium |
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. | ||||
CVE-2023-50769 | 1 Jenkins | 1 Nexus Platform | 2024-08-02 | 4.3 Medium |
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2023-50765 | 1 Jenkins | 1 Scriptler | 2024-08-02 | 4.3 Medium |
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | ||||
CVE-2023-49742 | | | 2024-08-02 | 9.9 Critical |
Missing Authorization vulnerability in Support Genix. This issue affects Support Genix: from n/a through 1.2.3. | ||||
CVE-2023-49674 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2024-08-02 | 4.3 Medium |
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
CVE-2023-49620 | 1 Apache | 1 Dolphinscheduler | 2024-08-02 | 6.5 Medium |
Before DolphinScheduler version 3.1.0, the login user could delete a UDF function in the resource center unauthorized (which almost used in SQL task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this CVE as moderate level because it still requires user login to operate; please upgrade to version 3.1.0 to avoid this vulnerability. | ||||
CVE-2023-49654 | 1 Jenkins | 1 Matlab | 2024-08-02 | 9.8 Critical |
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system. | ||||
CVE-2023-49652 | 1 Jenkins | 1 Google Compute Engine | 2024-08-02 | 2.7 Low |
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1. | ||||
CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-08-02 | 4.3 Medium |
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | ||||
CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-08-02 | 8.8 High |
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | ||||
CVE-2023-48926 | 1 Prestashop | 1 Advanced Loyalty Program | 2024-08-02 | 5.3 Medium |
An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. | ||||
CVE-2023-49003 | 1 Simplemobiletools | 1 Simple Dialer | 2024-08-02 | 5.3 Medium |
An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. |