Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28. | ||||
| CVE-2024-22156 | 1 Snpdigital | 1 Salesking Wordpress | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | ||||
| CVE-2024-21864 | 2024-11-21 | 7.8 High | ||
| Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access. | ||||
| CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13. | ||||
| CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. | ||||
| CVE-2024-20828 | 1 Samsung | 1 Internet | 2024-11-21 | 2.4 Low |
| Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | ||||
| CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2024-11-21 | 4.3 Medium |
| The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings. | ||||
| CVE-2024-1804 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | 4.3 Medium |
| The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. | ||||
| CVE-2024-1798 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | 5.3 Medium |
| The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. | ||||
| CVE-2024-1689 | 1 Themefarmer | 1 Woocommerce Tools | 2024-11-21 | 5.3 Medium |
| The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules. | ||||
| CVE-2024-1639 | 1 Wpexperts | 1 License Manager For Woocommerce | 2024-11-21 | 6.5 Medium |
| The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admin dashboard access (contributors by default due to WooCommerce) to view arbitrary decrypted license keys. The functions contain a referrer nonce check. However, these can be retrieved via the dashboard through the "license" JS variable. | ||||
| CVE-2024-1350 | 2024-11-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | ||||
| CVE-2024-1177 | 1 Wpclubmanager | 1 Wp Club Manager | 2024-11-21 | 5.3 Medium |
| The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | ||||
| CVE-2024-1175 | 2 Plechevandrey, Wppost | 2 Wp-recall, Wp-recall | 2024-11-21 | 5.3 Medium |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments. | ||||
| CVE-2024-1137 | 2024-11-21 | 4.3 Medium | ||
| The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. | ||||
| CVE-2024-1122 | 1 Themewinter | 1 Eventin | 2024-11-21 | 5.3 Medium |
| The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | ||||
| CVE-2024-1121 | 1 Hookturn | 1 Advanced Forms For Acf | 2024-11-21 | 5.3 Medium |
| The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | ||||
| CVE-2024-1109 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | 5.3 Medium |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | ||||
| CVE-2024-1092 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2024-11-21 | 4.3 Medium |
| The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | ||||
| CVE-2024-1079 | 1 Ays-pro | 1 Quiz Maker | 2024-11-21 | 5.3 Medium |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | ||||