Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2906 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.
|
|||||
| CVE-2024-2882 | 2024-11-21 | N/A | N/A | ||
|
SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.
|
|||||
| CVE-2024-2544 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | N/A | 7.4 HIGH |
|
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks.
|
|||||
| CVE-2024-2017 | 1 Edmonsoft | 1 Countdown Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.
|
|||||
| CVE-2024-28167 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization causing high impact on Integrity of the appliction.
|
|||||
| CVE-2024-28003 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.
|
|||||
| CVE-2024-27970 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0.
|
|||||
| CVE-2024-27911 | 2024-11-21 | N/A | 7.5 HIGH | ||
|
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.
|
|||||
| CVE-2024-27910 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
|
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication.
|
|||||
| CVE-2024-25929 | 1 Multivendorx | 1 Product Catalog Mode For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.
|
|||||
| CVE-2024-25922 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9.
|
|||||
| CVE-2024-25912 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
|
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.
|
|||||
| CVE-2024-25911 | 2024-11-21 | N/A | 8.6 HIGH | ||
|
Missing Authorization vulnerability in Skymoon Labs MoveTo.This issue affects MoveTo: from n/a through 6.2.
|
|||||
| CVE-2024-25908 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
|
|||||
| CVE-2024-25907 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.
|
|||||
| CVE-2024-25643 | 1 Sap | 1 Fiori | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.
|
|||||
| CVE-2024-25092 | 1 Xlplugins | 1 Nextmove | 2024-11-21 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
|
|||||
| CVE-2024-24850 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
|
|||||
| CVE-2024-24822 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.
|
|||||
| CVE-2024-24805 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2.
|
|||||
| CVE-2024-24741 | 1 Sap | 1 Master Data Governance For Material Data | 2024-11-21 | N/A | 4.3 MEDIUM |
|
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.
|
|||||
| CVE-2024-24739 | 1 Sap | 1 Bank Account Management | 2024-11-21 | N/A | 6.3 MEDIUM |
|
SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.
|
|||||
| CVE-2024-24719 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.
|
|||||
| CVE-2024-24716 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6.
|
|||||
| CVE-2024-24711 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
|
|||||
| CVE-2024-24710 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in SlickRemix Feed Them Social.This issue affects Feed Them Social: from n/a through 4.2.0.
|
|||||
| CVE-2024-24704 | 1 Addonmaster | 1 Load More Anything | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.
|
|||||
| CVE-2024-24703 | 2024-11-21 | N/A | 8.6 HIGH | ||
|
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25.
|
|||||
| CVE-2024-23524 | 1 Ontraport | 1 Pilotpress | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30.
|
|||||
| CVE-2024-23521 | 1 Happyforms | 1 Happyforms | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10.
|
|||||
| CVE-2024-23518 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6.
|
|||||
| CVE-2024-23504 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5.
|
|||||
| CVE-2024-23503 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6.
|
|||||
| CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28.
|
|||||
| CVE-2024-22156 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.
|
|||||
| CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.
|
|||||
| CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.
|
|||||
| CVE-2024-21630 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only ...
Show More |
|||||
| CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings.
|
|||||
| CVE-2024-1804 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | N/A | 4.3 MEDIUM |
|
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
|
|||||