Total: 3285 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41943 | 1 Jenkins | 1 Aws Codecommit Trigger | 2024-09-26 | 6.5 Medium |
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | ||||
CVE-2023-41947 | 1 Jenkins | 1 Frugal Testing | 2024-09-26 | 4.3 Medium |
A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. | ||||
CVE-2024-8480 | 1 Sirv | 1 Sirv | 2024-09-26 | 8.8 High |
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2023-39073 | 1 Voltronicpower | 1 Snmp Web Pro | 2024-09-26 | 9.8 Critical |
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request. | ||||
CVE-2023-40040 | 3 Android, Google, Mycrops | 3 Mycrops Higrade, Android, Higrade | 2024-09-26 | 5.3 Medium |
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. | ||||
CVE-2024-8369 | 1 Metagauss | 1 Eventprime | 2024-09-26 | 5.3 Medium |
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events. | ||||
CVE-2023-36140 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-09-26 | 9.8 Critical |
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | ||||
CVE-2023-4104 | 1 Mozilla | 1 Vpn | 2024-09-26 | 5.5 Medium |
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1. | ||||
CVE-2023-35665 | 1 Google | 1 Android | 2024-09-26 | 7.8 High |
In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-31423 | 2 Alex Volkov, Volkov | 2 Wp Accessibility Helper, Wp Accessibility Helper | 2024-09-26 | 4.3 Medium |
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH). This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5. | ||||
CVE-2024-31359 | 1 Premmerce | 1 Premmerce Product Filter For Woocommerce | 2024-09-26 | 4.3 Medium |
Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce. This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2. | ||||
CVE-2024-47337 | | | 2024-09-26 | 4.3 Medium |
Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite. This issue affects Joy Of Text Lite: from n/a through 2.3.1. | ||||
CVE-2024-8437 | | | 2024-09-26 | 4.3 Medium |
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries. | ||||
CVE-2023-42469 | 1 Fulldive | 1 Full Dialer | 2024-09-25 | 3.3 Low |
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component. | ||||
CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-09-25 | 4.3 Medium |
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.28. | ||||
CVE-2023-40625 | 1 Sap | 1 S4core | 2024-09-25 | 5.4 Medium |
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availability of the system. | ||||
CVE-2024-23524 | 1 Ontraport | 1 Pilotpress | 2024-09-25 | 5.3 Medium |
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress. This issue affects PilotPress: from n/a through 2.0.30. | ||||
CVE-2024-35720 | 1 Awplife | 1 Album Gallery | 2024-09-25 | 4.3 Medium |
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7. | ||||
CVE-2024-35717 | 1 Awplife | 1 Media Slider | 2024-09-25 | 4.3 Medium |
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow. This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9. | ||||
CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-09-25 | 5.4 Medium |
Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. |