Total
2257 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44633 | 2024-04-11 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | |||||
CVE-2024-31983 | 2024-04-11 | N/A | 9.9 CRITICAL | ||
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations. | |||||
CVE-2024-25908 | 2024-04-11 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | |||||
CVE-2024-24883 | 2024-04-11 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | |||||
CVE-2024-31997 | 2024-04-11 | N/A | 9.9 CRITICAL | ||
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available. | |||||
CVE-2023-32295 | 2024-04-11 | N/A | 6.3 MEDIUM | ||
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.2. | |||||
CVE-2024-31343 | 2024-04-10 | N/A | 7.5 HIGH | ||
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | |||||
CVE-2024-31358 | 2024-04-10 | N/A | 7.5 HIGH | ||
Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67. | |||||
CVE-2024-31230 | 2024-04-10 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. | |||||
CVE-2024-31342 | 2024-04-10 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3. | |||||
CVE-2024-31242 | 2024-04-10 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | |||||
CVE-2024-31297 | 2024-04-10 | N/A | 7.5 HIGH | ||
Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | |||||
CVE-2024-30217 | 2024-04-09 | N/A | 4.3 MEDIUM | ||
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. | |||||
CVE-2024-28167 | 2024-04-09 | N/A | 6.5 MEDIUM | ||
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization causing high impact on Integrity of the appliction. | |||||
CVE-2024-31366 | 2024-04-09 | N/A | 7.1 HIGH | ||
Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | |||||
CVE-2024-31368 | 2024-04-09 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | |||||
CVE-2024-31367 | 2024-04-09 | N/A | 7.1 HIGH | ||
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | |||||
CVE-2024-30216 | 2024-04-09 | N/A | 4.3 MEDIUM | ||
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted. | |||||
CVE-2024-27910 | 2024-04-08 | N/A | 5.3 MEDIUM | ||
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. | |||||
CVE-2024-27911 | 2024-04-08 | N/A | 7.5 HIGH | ||
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. |