Export limit exceeded: 10393 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10562 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10393 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10393 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37220 | 1 Optinly | 1 Optinly | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18. | ||||
| CVE-2024-37218 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. | ||||
| CVE-2024-37214 | 2024-11-01 | 6.5 Medium | ||
| Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5. | ||||
| CVE-2024-37209 | 2024-11-01 | 6.5 Medium | ||
| Access Control vulnerability in Prism IT Systems User Rights Access Manager allows . This issue affects User Rights Access Manager: from n/a through 1.1.2. | ||||
| CVE-2024-37201 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2. | ||||
| CVE-2024-37123 | 1 Vowelweb | 1 Ibtana | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3. | ||||
| CVE-2024-37106 | 1 Membershipsoftware | 1 Wishlist Member X | 2024-11-01 | 8.2 High |
| Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WishList Member X: from n/a through 3.26.6 | ||||
| CVE-2024-43134 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6. | ||||
| CVE-2024-39625 | 1 Icegram | 1 Icegram | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24. | ||||
| CVE-2024-39640 | 1 Quadlayers | 1 Wp Social Feed Gallery | 2024-11-01 | 6.5 Medium |
| Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9. | ||||
| CVE-2024-39664 | 1 Ymc-22 | 1 Filter \& Grids | 2024-11-01 | 7.3 High |
| Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33. | ||||
| CVE-2024-43235 | 2024-11-01 | 7.1 High | ||
| Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10. | ||||
| CVE-2024-43119 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12. | ||||
| CVE-2024-43122 | 2024-11-01 | 6.5 Medium | ||
| Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9. | ||||
| CVE-2024-20482 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role. This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration. | ||||
| CVE-2024-49501 | 2024-11-01 | N/A | ||
| Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function. | ||||
| CVE-2024-8691 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-01 | 7.1 High |
| A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. | ||||
| CVE-2024-42934 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-10-31 | 5 Medium |
| OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | ||||
| CVE-2022-30358 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. | ||||
| CVE-2022-30356 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege. | ||||