Total
2147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2023-21173 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM |
| In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 | |||||
| CVE-2023-30922 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30915 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-2714 | 1 Groundhogg | 1 Groundhogg | 2023-12-10 | N/A | 4.3 MEDIUM |
| The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key. | |||||
| CVE-2022-48390 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
| In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2023-2189 | 1 Staxwp | 1 Stax | 2023-12-10 | N/A | 4.3 MEDIUM |
| The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets. | |||||
| CVE-2022-48448 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2023-30521 | 1 Jenkins | 1 Assembla Merge Request Builder | 2023-12-10 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-30921 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-0335 | 1 Wpvar | 1 Wp Shamsi | 2023-12-10 | N/A | 6.5 MEDIUM |
| The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. | |||||
| CVE-2021-4375 | 1 Collne | 1 Welcart E-commerce | 2023-12-10 | N/A | 4.3 MEDIUM |
| The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings. | |||||
| CVE-2022-48250 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2023-20959 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
| In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848 | |||||
| CVE-2023-0336 | 1 Ooohboi Steroids For Elementor Project | 1 Ooohboi Steroids For Elementor | 2023-12-10 | N/A | 6.5 MEDIUM |
| The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. | |||||
| CVE-2021-4370 | 1 Stylemixthemes | 1 Ulisting | 2023-12-10 | N/A | 9.8 CRITICAL |
| The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection. | |||||
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2023-12-10 | N/A | 8.8 HIGH |
| POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | |||||
| CVE-2023-20773 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2023-12-10 | N/A | 7.8 HIGH |
| In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. | |||||
| CVE-2023-22813 | 1 Westerndigital | 4 My Cloud, My Cloud Home, My Cloud Os 5 and 1 more | 2023-12-10 | N/A | 4.3 MEDIUM |
| A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126. | |||||
| CVE-2023-2716 | 1 Groundhogg | 1 Groundhogg | 2023-12-10 | N/A | 5.4 MEDIUM |
| The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact. | |||||