Total
2156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25935 | 2024-04-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |||||
| CVE-2024-25922 | 2024-04-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | |||||
| CVE-2023-51672 | 2024-04-11 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | |||||
| CVE-2024-24850 | 2024-04-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | |||||
| CVE-2023-27607 | 2024-04-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | |||||
| CVE-2022-47604 | 2024-04-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | |||||
| CVE-2024-25907 | 2024-04-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | |||||
| CVE-2024-25912 | 2024-04-11 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||||
| CVE-2024-31981 | 2024-04-11 | N/A | 9.9 CRITICAL | ||
| XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading. | |||||
| CVE-2024-31987 | 2024-04-11 | N/A | 9.9 CRITICAL | ||
| XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading. | |||||
| CVE-2022-44633 | 2024-04-11 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | |||||
| CVE-2024-31983 | 2024-04-11 | N/A | 9.9 CRITICAL | ||
| XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations. | |||||
| CVE-2024-25908 | 2024-04-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | |||||
| CVE-2024-24883 | 2024-04-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | |||||
| CVE-2024-31997 | 2024-04-11 | N/A | 9.9 CRITICAL | ||
| XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available. | |||||
| CVE-2023-32295 | 2024-04-11 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.2. | |||||
| CVE-2024-0570 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-04-11 | 7.5 HIGH | 9.1 CRITICAL |
| A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0569 | 1 Totolink | 2 T8, T8 Firmware | 2024-04-11 | 4.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability. | |||||
| CVE-2023-4468 | 1 Poly | 4 Lens, Trio 8800, Trio 8800 Firmware and 1 more | 2024-04-11 | 4.6 MEDIUM | 7.6 HIGH |
| A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | |||||
| CVE-2022-3007 | 1 Syska | 2 Sw100 Smartwatch, Sw100 Smartwatch Firmware | 2024-04-11 | N/A | 8.1 HIGH |
| The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device. | |||||