Export limit exceeded: 343383 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343383 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10388 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43979 | 1 Cozythemes | 1 Blockbooster | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10. | ||||
| CVE-2024-43974 | 1 Cozythemes | 1 Revivenews | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2. | ||||
| CVE-2024-43962 | 1 Lws | 1 Affiliation | 2024-11-08 | 5.4 Medium |
| Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4. | ||||
| CVE-2024-43956 | 1 Caseproof | 1 Memberpress | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34. | ||||
| CVE-2024-43937 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-08 | 6.4 Medium |
| Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. | ||||
| CVE-2024-48921 | 2 Kyverno, Nirmata | 2 Kyverno, Kyverno | 2024-11-07 | 2.7 Low |
| Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a random namespace. By design, PolicyExceptions are consumed from any namespace. Administrators may not recognize that this allows users with privileges to non-kyverno namespaces to create exceptions. This vulnerability is fixed in 1.13.0. | ||||
| CVE-2024-49367 | 1 Nginxui | 1 Nginx Ui | 2024-11-07 | 7.5 High |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue. | ||||
| CVE-2024-44082 | 1 Redhat | 3 Openshift, Openshift Ironic, Openstack | 2024-11-07 | 4.3 Medium |
| In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. | ||||
| CVE-2024-21250 | 1 Oracle | 1 Process Manufacturing Product Development | 2024-11-06 | 8.1 High |
| Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-21249 | 1 Oracle | 1 Peoplesoft Enterprise Fin Expenses | 2024-11-06 | 4.3 Medium |
| Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2024-45164 | 1 Akamai | 1 Secure Internet Access Enterprise Threatavert | 2024-11-06 | 4.3 Medium |
| Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement. | ||||
| CVE-2024-43924 | 1 Dfactory | 1 Responsive Lightbox | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | ||||
| CVE-2024-43219 | 1 Woocommerce | 1 Persian-woocommerce | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. | ||||
| CVE-2024-43277 | 1 Ayecode | 1 Userswp | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15. | ||||
| CVE-2024-43270 | 1 Wpbackitup | 1 Wp Backitup | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||
| CVE-2024-43120 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | ||||
| CVE-2024-43212 | 1 Magepeople | 1 Wptravelly | 2024-11-05 | 7.5 High |
| Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7. | ||||
| CVE-2024-43209 | 1 Bitly | 1 Bitly | 2024-11-05 | 6.5 Medium |
| Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. | ||||
| CVE-2024-38745 | 1 Rymera | 1 Wholesale Suite | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12. | ||||
| CVE-2024-38744 | 1 Upqode | 1 Plum | 2024-11-05 | 8.3 High |
| Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0. | ||||