Total: 2193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-30195 | 1 Lineagrafica | 1 Lgdetailedorder | 2023-12-10 | N/A | 7.5 HIGH | In the module "Detailed Order" (lgdetailedorder) in versions up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information, formatted in JSON, without restriction. |
CVE-2023-30914 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM | In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
CVE-2023-2590 | 1 Answer | 1 Answer | 2023-12-10 | N/A | 3.5 LOW | Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. |
CVE-2023-21015 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244569778 |
CVE-2023-1903 | 1 Sap | 1 Hcm Fiori App My Forms | 2023-12-10 | N/A | 4.3 MEDIUM | SAP HCM Fiori App My Forms (Fiori 2.0), version 605, does not perform the necessary authorization checks for an authenticated user, exposing the restricted header data. |
CVE-2021-4338 | 1 Duckdev | 1 404 To 301 | 2023-12-10 | N/A | 5.4 MEDIUM | The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect and save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections. |
CVE-2019-25139 | 1 Wpshopmart | 1 Coming Soon Page & Maintenance Mode | 2023-12-10 | N/A | 5.3 MEDIUM | The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including, 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file, which makes it possible for unauthenticated attackers to trigger a plugin settings reset. |
CVE-2023-21029 | 1 Google | 1 Android | 2023-12-10 | N/A | 5.5 MEDIUM | In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-217934898 |
CVE-2023-2791 | 1 Mattermost | 1 Mattermost | 2023-12-10 | N/A | 4.3 MEDIUM | When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. |
CVE-2023-30866 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
CVE-2021-4374 | 1 Valvepress | 1 Wordpress Automatic Plugin | 2023-12-10 | N/A | 9.8 CRITICAL | The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site. |
CVE-2022-46850 | 1 Easy Media Replace Project | 1 Easy Media Replace | 2023-12-10 | N/A | 8.1 HIGH | Authenticated (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin versions <= 0.1.3. |
CVE-2023-2545 | 1 Featherplugins | 1 Feather Login Page | 2023-12-10 | N/A | 8.8 HIGH | The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation. |
CVE-2023-20899 | 1 Vmware | 2 Sd-wan Edge, Sd-wan Edge Firmware | 2023-12-10 | N/A | 7.5 HIGH | VMware SD-WAN (Edge) contains an authentication bypass vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. |
CVE-2023-30925 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM | In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
CVE-2023-33968 | 1 Kanboard | 1 Kanboard | 2023-12-10 | N/A | 5.4 MEDIUM | Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both use the `checkDestinationProjectValues()` function to check their values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-20726 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2731 and 60 more | 2023-12-10 | N/A | 3.3 LOW | In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). |
CVE-2022-47490 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 5.5 MEDIUM | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed. |
CVE-2020-36702 | 1 Brainstormforce | 1 Spectra | 2023-12-10 | N/A | 4.3 MEDIUM | The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings. |
CVE-2021-4350 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2023-12-10 | N/A | 5.3 MEDIUM | The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to missing authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay. |