Total: 2747 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-35672 | Netgsm | Netgsm | 2024-07-11 | N/A | 9.8 CRITICAL | Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.19.
CVE-2023-32295 | | | 2024-07-11 | N/A | 6.3 MEDIUM | Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3.
CVE-2024-38353 | | | 2024-07-11 | N/A | 5.3 MEDIUM | CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 has a missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames of previously uploaded images, which increases the likelihood of this issue being exploited. This vulnerability is fixed in 2.5.4.
CVE-2024-21417 | | | 2024-07-11 | N/A | 8.8 HIGH | Windows Text Services Framework Elevation of Privilege Vulnerability
CVE-2024-37175 | | | 2024-07-09 | N/A | 4.3 MEDIUM | SAP CRM WebClient does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
CVE-2024-39592 | | | 2024-07-09 | N/A | 7.7 HIGH | Elements of PDCE does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information, causing high impact on the confidentiality of the application.
CVE-2024-37172 | | | 2024-07-09 | N/A | 5.4 MEDIUM | SAP S/4HANA Finance (Advanced Payment Management) does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact on confidentiality and availability, but there is no impact on integrity.
CVE-2024-39596 | | | 2024-07-09 | N/A | 4.3 MEDIUM | Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on the confidentiality of the application.
CVE-2024-37542 | | | 2024-07-08 | N/A | 5.4 MEDIUM | Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
CVE-2024-37903 | | | 2024-07-08 | N/A | 8.2 HIGH | Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue.
CVE-2024-34804 | | | 2024-07-08 | N/A | 5.4 MEDIUM | Missing Authorization vulnerability in Tagembed. This issue affects Tagembed: from n/a through 5.8.
CVE-2024-5545 | Stylemixthemes | Motors - Car Dealer, Classifieds & Listing | 2024-07-05 | N/A | 5.3 MEDIUM | The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.
CVE-2024-1634 | Startbooking | Scheduling Plugin - Online Booking | 2024-07-05 | N/A | 6.5 MEDIUM | The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
CVE-2024-36113 | | | 2024-07-05 | N/A | 4.9 MEDIUM | Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users, preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.
CVE-2024-6375 | Mongodb | Mongodb | 2024-07-03 | N/A | 6.5 MEDIUM | A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading either to degradation of query performance or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions prior to 5.0.22, MongoDB Server v6.0 versions prior to 6.0.11, and MongoDB Server v7.0 versions prior to 7.0.3.
CVE-2024-4163 | | | 2024-07-03 | N/A | 8.0 HIGH | The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell's file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to break out of the limited shell and log in to an unrestricted shell with root access. With root access, the attacker is able to take full control of the IIoT Gateway.
CVE-2024-3893 | | | 2024-07-03 | N/A | 5.3 MEDIUM | The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.
CVE-2024-34146 | | | 2024-07-03 | N/A | 6.5 MEDIUM | Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
CVE-2024-32715 | | | 2024-07-03 | N/A | 5.3 MEDIUM | Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1.
CVE-2024-22151 | | | 2024-07-03 | N/A | 5.3 MEDIUM | Missing Authorization vulnerability in Codection Import and export users and customers. This issue affects Import and export users and customers: from n/a through 1.24.6.