Total
2747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35164 | 1 Dataease | 1 Dataease | 2023-07-05 | N/A | 6.5 MEDIUM |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2023-07-04 | N/A | 8.8 HIGH |
| POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | |||||
| CVE-2022-2377 | 1 Wpwax | 1 Directorist | 2023-06-30 | N/A | 4.3 MEDIUM |
| The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog | |||||
| CVE-2023-21177 | 1 Google | 1 Android | 2023-06-30 | N/A | 5.5 MEDIUM |
| In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273906410 | |||||
| CVE-2022-2382 | 1 Shapedplugin | 1 Product Slider For Woocommerce | 2023-06-30 | N/A | 4.3 MEDIUM |
| The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. | |||||
| CVE-2023-21173 | 1 Google | 1 Android | 2023-06-30 | N/A | 5.5 MEDIUM |
| In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 | |||||
| CVE-2022-2405 | 1 Themehunk | 1 Wp Popup Builder | 2023-06-30 | N/A | 4.3 MEDIUM |
| The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | |||||
| CVE-2023-34165 | 1 Huawei | 1 Harmonyos | 2023-06-30 | N/A | 5.3 MEDIUM |
| Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | |||||
| CVE-2023-21149 | 1 Google | 1 Android | 2023-06-30 | N/A | 7.8 HIGH |
| In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270050709References: N/A | |||||
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2023-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | |||||
| CVE-2022-0932 | 1 Saleor | 1 Saleor | 2023-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. | |||||
| CVE-2022-0905 | 1 Gitea | 1 Gitea | 2023-06-29 | 5.5 MEDIUM | 7.1 HIGH |
| Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | |||||
| CVE-2022-0871 | 1 Gogs | 1 Gogs | 2023-06-29 | 5.8 MEDIUM | 9.1 CRITICAL |
| Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | |||||
| CVE-2022-0756 | 1 Salesagility | 1 Suitecrm | 2023-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | |||||
| CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2023-06-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | |||||
| CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2023-06-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | |||||
| CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2023-06-29 | 4.9 MEDIUM | 5.4 MEDIUM |
| snipe-it is vulnerable to Missing Authorization | |||||
| CVE-2023-35093 | 1 Stylemixthemes | 1 Masterstudy Lms | 2023-06-28 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more. | |||||
| CVE-2022-30731 | 1 Samsung | 1 My Files | 2023-06-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. | |||||
| CVE-2022-23642 | 1 Sourcegraph | 1 Sourcegraph | 2023-06-27 | 6.0 MEDIUM | 8.8 HIGH |
| Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected. | |||||