Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30466 | 1 Onthegosystems | 1 Woocommerce Multilingual \& Multicurrency | 2024-10-08 | 5.4 Medium |
| Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | ||||
| CVE-2024-30470 | 1 Yithemes | 1 Woocommerce Account Funds | 2024-10-08 | 6.5 Medium |
| Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. | ||||
| CVE-2023-39438 | 1 Sap | 1 Contributor License Agreement Assistant | 2024-10-08 | 8.1 High |
| A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. The stored access tokens for GitHub are not affected, as these are redacted from the API-responses. | ||||
| CVE-2023-39507 | 1 Recruit | 1 Rikunabi Next | 2024-10-08 | 6.1 Medium |
| Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website. | ||||
| CVE-2023-40344 | 1 Jenkins | 1 Delphix | 2024-10-08 | 4.3 Medium |
| A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-38494 | 1 Metersphere | 1 Metersphere | 2024-10-08 | 5.9 Medium |
| MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue. | ||||
| CVE-2023-37492 | 1 Sap | 1 Netweaver Application Server Abap | 2024-10-08 | 4.9 Medium |
| SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack. | ||||
| CVE-2024-21417 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-08 | 8.8 High |
| Windows Text Services Framework Elevation of Privilege Vulnerability | ||||
| CVE-2024-20477 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-08 | 5.4 Medium |
| A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. | ||||
| CVE-2024-20438 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-08 | 6.3 Medium |
| A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | ||||
| CVE-2024-20442 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2024-10-07 | 5.4 Medium |
| A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. | ||||
| CVE-2024-30515 | 1 Pixelite | 1 Events Manager | 2024-10-07 | 4.3 Medium |
| Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4. | ||||
| CVE-2024-30517 | 1 Slicedinvoices | 1 Sliced Invoices | 2024-10-07 | 4.3 Medium |
| Missing Authorization vulnerability in Sliced Invoices.This issue affects Sliced Invoices: from n/a through 3.9.2. | ||||
| CVE-2024-9161 | 2024-10-07 | 6.5 Medium | ||
| The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators. | ||||
| CVE-2024-6845 | 1 Smartsearchwp | 2 Chatbot With Chatgpt Wordpress, Smartsearchwp | 2024-10-07 | 5.3 Medium |
| The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key | ||||
| CVE-2024-30512 | 1 Weformspro | 1 Weforms | 2024-10-07 | 3.7 Low |
| Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20. | ||||
| CVE-2024-30485 | 1 Xlplugins | 1 Finale | 2024-10-07 | 8.8 High |
| Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. | ||||
| CVE-2023-23640 | 1 Mainwp | 1 Updraftplus Extension | 2024-10-05 | 5.4 Medium |
| Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6. | ||||
| CVE-2024-31294 | 1 Androidbubble | 1 Wp Sort Order | 2024-10-05 | 4.3 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1. | ||||
| CVE-2024-31246 | 1 Wpxpo | 1 Postx | 2024-10-05 | 5.4 Medium |
| Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3. | ||||