Total: 541 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-12-30 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | |||||
CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2023-12-30 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. | |||||
CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2023-12-30 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | |||||
CVE-2023-6929 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2023-12-29 | N/A | 9.8 CRITICAL |
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | |||||
CVE-2023-46646 | 1 Github | 1 Enterprise Server | 2023-12-29 | N/A | 5.3 MEDIUM |
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.0. | |||||
CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2023-12-29 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2023-12-29 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. | |||||
CVE-2022-43450 | 1 Xwp | 1 Stream | 2023-12-29 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | |||||
CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2023-12-28 | N/A | 8.1 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. | |||||
CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2023-12-28 | N/A | 8.1 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1. | |||||
CVE-2021-38624 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Windows Key Storage Provider Security Feature Bypass Vulnerability | |||||
CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2023-12-28 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | |||||
CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2023-12-28 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | |||||
CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2023-12-28 | N/A | 5.4 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | |||||
CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2023-12-28 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. | |||||
CVE-2023-46446 | 1 Asyncssh Project | 1 Asyncssh | 2023-12-22 | N/A | 6.8 MEDIUM |
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." | |||||
CVE-2023-44249 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-12-21 | N/A | 6.5 MEDIUM |
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | |||||
CVE-2023-48641 | 1 Archerirm | 1 Archer | 2023-12-15 | N/A | 8.8 HIGH |
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources. | |||||
CVE-2023-46701 | 1 Mattermost | 1 Mattermost Server | 2023-12-14 | N/A | 5.3 MEDIUM |
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID. | |||||
CVE-2023-6341 | 1 Catalisgov | 1 Cms360 | 2023-12-08 | N/A | 5.3 MEDIUM |
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. |