Total: 653 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2022-0691 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-08-02 | 9.8 Critical | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. |
CVE-2022-0686 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-08-02 | 9.1 Critical | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
CVE-2022-0639 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-08-02 | 5.3 Medium | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. |
CVE-2022-0624 | 1 Parse-path Project | 1 Parse-path | 2024-08-02 | 7.3 High | Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. |
CVE-2022-0613 | 3 Fedoraproject, Redhat, Uri.js Project | 6 Fedora, Acm, Enterprise Linux and 3 more | 2024-08-02 | 6.5 Medium | Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. |
CVE-2022-0512 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-08-02 | 5.3 Medium | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. |
CVE-2022-0442 | 1 Ayecode | 1 Userswp | 2024-08-02 | 4.3 Medium | The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar. |
CVE-2022-0266 | 1 Livehelperchat | 1 Live Helper Chat | 2024-08-02 | 6.6 Medium | Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v. |
CVE-2023-49765 | 1 Blazzdev | 1 Rate My Post | 2024-08-02 | 4.3 Medium | Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. |
CVE-2023-49112 | | | 2024-08-02 | 6.5 Medium | Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications even though they have not been granted the necessary rights to do so. This issue affects Kiuwan SAST: <master.1808.p685.q13371 |
CVE-2023-48783 | 1 Fortinet | 1 Fortiportal | 2024-08-02 | 4.9 Medium | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, and version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organizations' endpoints via crafted GET requests. |
CVE-2023-48304 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-02 | 4.3 Medium | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server, and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, an attacker could enable and disable the birthday calendar for any user on the same server. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available. |
CVE-2023-47316 | 1 H-mdm | 1 Headwind Mdm | 2024-08-02 | 5.4 Medium | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls, and audit-related API calls. |
CVE-2023-47191 | 1 Kainelabs | 1 Youzify | 2024-08-02 | 6.5 Medium | Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. |
CVE-2023-46701 | 1 Mattermost | 1 Mattermost Server | 2024-08-02 | 6.5 Medium | Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID. |
CVE-2023-46646 | 1 Github | 1 Enterprise Server | 2024-08-02 | 5.3 Medium | Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in versions 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0. |
CVE-2023-46446 | 1 Asyncssh Project | 1 Asyncssh | 2024-08-02 | 6.8 Medium | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." |
CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2024-08-02 | 2.7 Low | Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. |
CVE-2023-45892 | 1 Floorsightsoftware | 1 Insight | 2024-08-02 | 7.5 High | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. |
CVE-2023-45808 | | | 2024-08-02 | 4.1 Medium | iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user's silo. In other words, by forging an HTTP request, the user can create objects pointing to out-of-silo objects (for example a UserRequest in an out-of-scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0. |