Total: 3276 CVEs (20 shown below, sorted by last update)
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-43962 | 1 Lws | 1 Affiliation | 2024-11-08 | 5.4 Medium | Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LWS Affiliation: from n/a through 2.3.4. |
CVE-2024-43956 | 1 Caseproof | 1 Memberpress | 2024-11-08 | 6.5 Medium | Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberpress: from n/a through 1.11.34. |
CVE-2024-10824 | | | 2024-11-08 | N/A | An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) and required that secret scanning be enabled on user-owned repositories. This vulnerability affected GitHub Enterprise Server versions after 3.13.0 but prior to 3.14.0 and was fixed in version 3.13.2. |
CVE-2024-43431 | 1 Moodle | 1 Moodle | 2024-11-08 | 7.5 High | A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access. |
CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2024-11-08 | 3.0 Low | A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. |
CVE-2024-43937 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-08 | 6.4 Medium | Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.10. |
CVE-2024-7429 | 1 Katieseaborn | 1 Zotpress | 2024-11-08 | 4.3 Medium | The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings. |
CVE-2024-1177 | 1 Wpclubmanager | 1 Wp Club Manager | 2024-11-07 | 5.3 Medium | The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs. |
CVE-2024-24822 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-07 | 6.5 Medium | Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete, etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. |
CVE-2023-22834 | 1 Palantir | 1 Contour | 2024-11-07 | 2.7 Low | The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses that the attacker would otherwise not have permission to create. |
CVE-2024-50456 | 1 Seopress | 1 Seopress | 2024-11-07 | 5.4 Medium | Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through 8.1.1. |
CVE-2024-50455 | 1 Seopress | 1 Seopress | 2024-11-07 | 4.3 Medium | Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through 8.1.1. |
CVE-2023-43846 | 1 Aten | 1 Pe6208 Firmware | 2024-11-07 | 5.3 Medium | Incorrect access control in the logs management function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to obtain the device logs via an HTTP GET request. The logs contain information such as user names and IP addresses used in the infrastructure, which may help attackers conduct further attacks against the infrastructure. |
CVE-2023-37944 | 1 Jenkins | 1 Datadog | 2024-11-07 | 6.5 Medium | A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
CVE-2023-37945 | 1 Jenkins | 1 Saml Single Sign On | 2024-11-07 | 4.3 Medium | A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm. |
CVE-2023-37953 | 1 Jenkins | 1 Mabl | 2024-11-07 | 6.5 Medium | A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
CVE-2024-49367 | 1 Nginxui | 1 Nginx Ui | 2024-11-07 | 7.5 High | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue. |
CVE-2023-37959 | 1 Jenkins | 1 Sumologic Publisher | 2024-11-07 | 6.5 Medium | A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
CVE-2024-44082 | 1 Redhat | 2 Openshift, Openshift Ironic | 2024-11-07 | 4.3 Medium | In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing: a crafted image can be used by an authenticated user to trigger undesired behaviour in qemu-img, including possible unauthorized access to potentially sensitive data. Affected/fixed versions: Ironic <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; ironic-python-agent <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. |
CVE-2024-50459 | 1 Hmplugin | 2 Accept Stripe Donation - Aidwp, Aidwp | 2024-11-06 | 5.3 Medium | Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. |
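Most rows in this listing are the same defect: a handler that performs a privileged action without first checking that the caller is allowed to. The WordPress entries describe it as a "missing capability check"; the three Jenkins entries describe a method reachable by anyone with Overall/Read that connects to a URL or reads realm configuration without a permission check. The PHP below is an added illustration, not code from Zotpress, WP Club Manager, or any other plugin listed here. It shows the two WordPress variants those rows describe (an AJAX handler any logged-in user can reach, and a settings handler on `admin_init` that logged-out visitors can reach), then the hardened form. Every `demo_` name, option key and nonce action is hypothetical; the WordPress functions called (`add_action`, `check_ajax_referer`, `check_admin_referer`, `current_user_can`, `wp_send_json_error`, `update_option`, `delete_option`, `wp_die`) are real core APIs.

```php
<?php
/**
 * Added example (not code from any plugin in the table above).
 * All demo_* names, option keys and nonce actions are hypothetical.
 */

/* ---- VULNERABLE 1: reachable by any logged-in user (cf. the Zotpress row) ---- */

// wp_ajax_{action} hooks fire for EVERY authenticated user, Subscriber upward.
add_action( 'wp_ajax_demo_reset_settings', 'demo_reset_settings_vulnerable' );

function demo_reset_settings_vulnerable() {
	// No nonce check (CSRF) and no current_user_can() check (authorization):
	// any logged-in account that POSTs action=demo_reset_settings to
	// /wp-admin/admin-ajax.php wipes the plugin's settings.
	delete_option( 'demo_plugin_settings' );
	wp_send_json_success();
}

/* ---- VULNERABLE 2: reachable unauthenticated (cf. the WP Club Manager row) ---- */

// admin_init also runs for requests to admin-ajax.php, which logged-out
// visitors can send, so a handler here with no capability check is
// unauthenticated-reachable even though it "lives in the admin".
add_action( 'admin_init', 'demo_settings_save_vulnerable' );

function demo_settings_save_vulnerable() {
	if ( isset( $_POST['demo_save_settings'], $_POST['demo_permalink_base'] ) ) {
		// Input is sanitized, but sanitization is not authorization.
		update_option(
			'demo_permalink_base',
			sanitize_title( wp_unslash( $_POST['demo_permalink_base'] ) )
		);
	}
}

/* ---- HARDENED ---- */

// No wp_ajax_nopriv_ registration: this action has no legitimate anonymous caller.
add_action( 'wp_ajax_demo_reset_settings_v2', 'demo_reset_settings_secure' );

function demo_reset_settings_secure() {
	// 1. CSRF: the client sends a nonce from wp_create_nonce( 'demo_reset_settings' )
	//    in the 'nonce' field. With the third argument false, check_ajax_referer()
	//    returns false on failure instead of dying, so we can answer with JSON.
	if ( ! check_ajax_referer( 'demo_reset_settings', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'invalid nonce' ), 403 ); // exits
	}
	// 2. Authorization: resetting settings is an administrator action.
	//    Test a capability, never a role name or is_user_logged_in() alone.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 ); // exits
	}
	delete_option( 'demo_plugin_settings' );
	wp_send_json_success();
}

add_action( 'admin_init', 'demo_settings_save_secure' );

function demo_settings_save_secure() {
	if ( ! isset( $_POST['demo_save_settings'] ) ) {
		return;
	}
	// Authorization first: an anonymous visitor fails here no matter which
	// admin entry point (admin-ajax.php included) triggered admin_init.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to change these settings.', 403 );
	}
	// CSRF: the form must include wp_nonce_field( 'demo_save_settings', '_demo_nonce' );
	// check_admin_referer() dies with a 403 when the nonce is missing or stale.
	check_admin_referer( 'demo_save_settings', '_demo_nonce' );

	$base = isset( $_POST['demo_permalink_base'] )
		? sanitize_title( wp_unslash( $_POST['demo_permalink_base'] ) )
		: '';
	update_option( 'demo_permalink_base', $base );
}
```

A quick triage check when reviewing a plugin against this class of bug: enumerate every callback hooked to `wp_ajax_*`, `wp_ajax_nopriv_*`, `admin_post_*`, `admin_init`, `init`, and every `register_rest_route()` permission_callback, and confirm each one that writes state or reads privileged data performs a `current_user_can()` test (and, for REST, does not use `__return_true` as its permission callback) before acting. The nonce check only stops cross-site request forgery; it is the capability check that the entries above were missing. The Jenkins rows are the same shape in a different framework: the fix there is a permission check before the privileged action, whatever the method name.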