Total: 163 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1551 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2023-11-07 | N/A | 6.5 MEDIUM |
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files; bad actors could use that to access other users' sensitive files. | |||||
CVE-2021-24238 | 1 Purethemes | 2 Findeo, Realteo | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter. | |||||
CVE-2021-24215 | 1 Wpruby | 1 Controlled Admin Access | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. | |||||
CVE-2020-35391 | 1 Tenda | 2 F3, F3 Firmware | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior. | |||||
CVE-2018-6669 | 1 Mcafee | 1 Application Change Control | 2023-11-07 | 5.2 MEDIUM | 8.0 HIGH |
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. | |||||
CVE-2018-18922 | 1 Abisoftgt | 1 Ticketly | 2023-11-07 | 5.0 MEDIUM | 9.8 CRITICAL |
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request. | |||||
CVE-2021-24831 | 1 Rich-web | 1 Tab | 2023-08-31 | 5.0 MEDIUM | 7.5 HIGH |
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | |||||
CVE-2022-40845 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-08-08 | N/A | 6.5 MEDIUM |
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have. | |||||
CVE-2022-26279 | 1 Eyoucms | 1 Eyoucms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. | |||||
CVE-2022-45276 | 1 Eyunjing | 1 Yjcms | 2023-08-08 | N/A | 9.8 CRITICAL |
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | |||||
CVE-2021-40616 | 1 Thinkcmf | 1 Thinkcmf | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
thinkcmf v5.1.7 has an unauthorized vulnerability. An attacker can modify the password of the administrator account with id 1 through the background user management group permissions. Exploitation requires the background user management group authority. | |||||
CVE-2022-26653 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an administrator). | |||||
CVE-2022-26777 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details. | |||||
CVE-2022-34573 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-08-08 | N/A | 6.3 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | |||||
CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2023-08-08 | N/A | 7.5 HIGH |
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page. | |||||
CVE-2021-42748 | 1 Fastlinemedia | 1 Beaver Builder | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. | |||||
CVE-2022-34571 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-08-08 | N/A | 8.0 HIGH |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. | |||||
CVE-2022-42953 | 1 Zkteco | 20 Zem500, Zem500 Firmware, Zem510 and 17 more | 2023-08-08 | N/A | 7.5 HIGH |
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210). | |||||
CVE-2022-34574 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-08-08 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. | |||||
CVE-2022-47700 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2023-08-08 | N/A | 7.5 HIGH |
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. | |||||