Total
5353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | ||||
| CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | ||||
| CVE-2023-49003 | 1 Simplemobiletools | 1 Simple Dialer | 2024-11-21 | 5.3 Medium |
| An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. | ||||
| CVE-2023-48761 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 6.3 Medium |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||||
| CVE-2023-48760 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 8.2 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||||
| CVE-2023-48759 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 7.5 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13. | ||||
| CVE-2023-48751 | 1 Xnau | 1 Participants Database | 2024-11-21 | 4.3 Medium |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects Participants Database: from n/a through 2.5.5. | ||||
| CVE-2023-48684 | 2024-11-21 | N/A | ||
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758. | ||||
| CVE-2023-48417 | 1 Google | 2 Chromecast, Chromecast Firmware | 2024-11-21 | 9.8 Critical |
| Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application | ||||
| CVE-2023-48402 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-48375 | 1 Csharp | 1 Cws Collaborative Development Platform | 2024-11-21 | 8.8 High |
| SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service. | ||||
| CVE-2023-48280 | 2024-11-21 | 7.5 High | ||
| Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1. | ||||
| CVE-2023-48222 | 1 Pagerduty | 1 Rundeck | 2024-11-21 | 8.1 High |
| Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-47870 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6. | ||||
| CVE-2023-47828 | 1 Millermedia | 1 Mandrill | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. | ||||
| CVE-2023-47783 | 2024-11-21 | 8.3 High | ||
| Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | ||||
| CVE-2023-47771 | 2024-11-21 | 8.3 High | ||
| Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18. | ||||
| CVE-2023-47757 | 1 Aweber | 1 Aweber | 2024-11-21 | 4.3 Medium |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. | ||||
| CVE-2023-47754 | 1 Cleverplugins | 1 Delete Duplicate Posts | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9. | ||||
| CVE-2023-47681 | 2024-11-21 | 6.5 Medium | ||
| Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. | ||||