Total: 2747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-31244 | | | 2024-06-10 | N/A | 9.8 CRITICAL | Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17. |
| CVE-2024-31252 | | | 2024-06-10 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in dFactory Responsive Lightbox. This issue affects Responsive Lightbox: from n/a through 2.4.6. |
| CVE-2023-51494 | | | 2024-06-10 | N/A | 5.3 MEDIUM | Missing Authorization vulnerability in Woo WooCommerce Product Vendors. This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. |
| CVE-2024-32820 | | | 2024-06-10 | N/A | 5.3 MEDIUM | Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons. This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2. |
| CVE-2024-30470 | | | 2024-06-10 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium. This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. |
| CVE-2023-34003 | | | 2024-06-10 | N/A | 6.5 MEDIUM | Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. |
| CVE-2024-32824 | | | 2024-06-10 | N/A | 5.4 MEDIUM | Missing Authorization vulnerability in Evergreen Content Poster. This issue affects Evergreen Content Poster: from n/a through 1.4.2. |
| CVE-2024-5129 | | | 2024-06-07 | N/A | 8.2 HIGH | A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file. |
| CVE-2024-27312 | | | 2024-06-07 | N/A | 8.1 HIGH | Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. |
| CVE-2024-31099 | | | 2024-06-05 | N/A | 6.4 MEDIUM | Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. |
| CVE-2023-27460 | | | 2024-06-04 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse. This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. |
| CVE-2023-26521 | | | 2024-06-04 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse. This issue affects Search in Place: from n/a through 1.0.104. |
| CVE-2023-26523 | | | 2024-06-04 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse. This issue affects Calculated Fields Form: from n/a through 1.1.120. |
| CVE-2023-27437 | | | 2024-06-04 | N/A | 3.7 LOW | Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse. This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf. |
| CVE-2023-28494 | | | 2024-06-04 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse. This issue affects Contact Form Email: from n/a through 1.3.31. |
| CVE-2023-28492 | | | 2024-06-04 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through 1.4.10. |
| CVE-2024-34803 | | | 2024-06-03 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Fastly. This issue affects Fastly: from n/a through 1.2.25. |
| CVE-2019-1170 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-05-29 | 7.2 HIGH | 7.9 HIGH | An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by preventing sandboxed processes from creating reparse points targeting inaccessible files. |
| CVE-2024-35237 | | | 2024-05-28 | N/A | 7.5 HIGH | MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: the instance of IdentiBot is tied to a "public" Discord application, i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated. |
| CVE-2024-20355 | | | 2024-05-22 | N/A | 5.0 MEDIUM | A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device. This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authenticate using their designated connection profile (tunnel group), intercepting the SAML SSO token that is sent back from the Cisco ASA device, and then submitting the same SAML SSO token to a different tunnel group for authentication. A successful exploit could allow the attacker to establish a remote access VPN session using a connection profile that they are not authorized to use and connect to secured networks behind the affected device that they are not authorized to access. For successful exploitation, the attacker must have valid remote access VPN user credentials. |