Total
5353 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30950 | 1 Palantir | 1 Foundry Campaigns | 2024-11-21 | 6.5 Medium |
The Foundry Campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. | ||||
CVE-2023-30480 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
Missing Authorization vulnerability in Sparkle WP Educenter. This issue affects Educenter: from n/a through 1.5.5. | ||||
CVE-2023-30195 | 1 Lineagrafica | 1 Lgdetailedorder | 2024-11-21 | 7.5 High |
In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal information without restriction, formatted in JSON. | ||||
CVE-2023-2562 | 1 Gallery-metabox Project | 1 Gallery-metabox | 2024-11-21 | 4.3 Medium |
The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post. | ||||
CVE-2023-2480 | 1 M-files | 1 M-files | 2024-11-21 | 7.5 High |
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications | ||||
CVE-2023-2434 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 3.8 Low |
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings. | ||||
CVE-2023-2268 | 1 Plane | 1 Plane | 2024-11-21 | 7.1 High |
Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. | ||||
CVE-2023-2174 | 1 Badgeos | 1 Badgeos | 2024-11-21 | 4.3 Medium |
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries. | ||||
CVE-2023-29174 | | | 2024-11-21 | 6.5 Medium |
Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce. This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0. | ||||
CVE-2023-28775 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 5.3 Medium |
Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4. | ||||
CVE-2023-28673 | 1 Jenkins | 1 Octoperf Load Testing | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2023-28492 | | | 2024-11-21 | 4.3 Medium |
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse. This issue affects CP Multi View Event Calendar: from n/a through 1.4.10. | ||||
CVE-2023-27792 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 High |
An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. | ||||
CVE-2023-27608 | | | 2024-11-21 | 6.5 Medium |
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | ||||
CVE-2023-27607 | | | 2024-11-21 | 5.4 Medium |
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | ||||
CVE-2023-27460 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | 4.3 Medium |
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse. This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. | ||||
CVE-2023-27437 | | | 2024-11-21 | 3.7 Low |
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse. This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf. | ||||
CVE-2023-26562 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.5 Medium |
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for IMAP/SMTP. | ||||
CVE-2023-26523 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | 4.3 Medium |
Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse. This issue affects Calculated Fields Form: from n/a through 1.1.120. | ||||
CVE-2023-26301 | 1 Hp | 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more | 2024-11-21 | 9.8 Critical |
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. |