Total
3285 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-32704 | 1 Reputeinfosystems | 1 Arforms | 2024-09-25 | 7.1 High |
Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. | ||||
CVE-2024-32703 | 1 Reputeinfosystems | 1 Arforms | 2024-09-25 | 7.7 High |
Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. | ||||
CVE-2024-32701 | 1 Instawp | 1 Instawp Connect | 2024-09-25 | 4.3 Medium |
Missing Authorization vulnerability in InstaWP Team InstaWP Connect. This issue affects InstaWP Connect: from n/a through 0.1.0.24. | ||||
CVE-2024-31352 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-09-25 | 5.3 Medium |
Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13. | ||||
CVE-2024-31350 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | 4.3 Medium |
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1. | ||||
CVE-2023-43135 | 1 Tp-link | 3 Er5120g, Tl-er5120g, Tl-er5120g Firmware | 2024-09-25 | 9.8 Critical |
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | ||||
CVE-2023-44208 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-09-25 | 9.1 Critical |
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | ||||
CVE-2023-43134 | 1 Netis-systems | 3 360r, 360r Firmware, 360rac1200 | 2024-09-25 | 9.8 Critical |
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | ||||
CVE-2023-43501 | 1 Jenkins | 1 Build Failure Analyzer | 2024-09-24 | 6.5 Medium |
A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | ||||
CVE-2023-41296 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-24 | 9.1 Critical |
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. | ||||
CVE-2023-5165 | 1 Docker | 1 Docker Desktop | 2024-09-24 | 7.1 High |
Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | ||||
CVE-2023-0456 | 1 Redhat | 2 Apicast, Red Hat 3scale Amp | 2024-09-24 | 7.4 High |
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | ||||
CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect Cloud Agent, Macos and 2 more | 2024-09-23 | 7.1 High |
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343. | ||||
CVE-2023-43652 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2024-09-23 | 8.2 High |
JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-5321 | 1 Hamza417 | 1 Inure | 2024-09-23 | 5.5 Medium |
Missing Authorization in GitHub repository hamza417/inure prior to build94. | ||||
CVE-2023-36684 | 1 Brainstormforce | 1 Convert Pro | 2024-09-20 | 7.1 High |
Missing Authorization vulnerability in Brainstorm Force Convert Pro. This issue affects Convert Pro: from n/a through 1.7.5. | ||||
CVE-2023-36676 | 1 Brainstormforce | 1 Spectra | 2024-09-20 | 5.4 Medium |
Missing Authorization vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6. | ||||
CVE-2024-45591 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2024-09-20 | 5.3 Medium |
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. | ||||
CVE-2023-41805 | 1 Brainstormforce | 1 Starter Templates | 2024-09-20 | 6.5 Medium |
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites. This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5. | ||||
CVE-2023-44148 | 1 Brainstormforce | 1 Astra | 2024-09-20 | 5.4 Medium |
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit. This issue affects Astra Bulk Edit: from n/a through 1.2.7. |