Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3315 | 1 Jenkins | 1 Team Concert | 2024-12-11 | N/A | 4.3 MEDIUM |
| Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2024-11840 | 2024-12-11 | N/A | 7.1 HIGH | ||
| The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks. | |||||
| CVE-2024-54269 | 2024-12-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notibar: from n/a through 2.1.4. | |||||
| CVE-2024-11401 | 2024-12-11 | N/A | N/A | ||
| Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024. | |||||
| CVE-2024-47585 | 2024-12-10 | N/A | 4.3 MEDIUM | ||
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality. | |||||
| CVE-2024-47581 | 2024-12-10 | N/A | 4.3 MEDIUM | ||
| SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted. | |||||
| CVE-2024-54218 | 2024-12-09 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Thehp AIO Contact.This issue affects AIO Contact: from n/a through 2.8.1. | |||||
| CVE-2024-52391 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3. | |||||
| CVE-2024-54254 | 2024-12-09 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3. | |||||
| CVE-2024-54251 | 2024-12-09 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Prodigy Commerce Prodigy Commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through 3.0.9. | |||||
| CVE-2024-54227 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in theDotstore Minimum and Maximum Quantity for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through 2.0.0. | |||||
| CVE-2024-54217 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.1. | |||||
| CVE-2024-53819 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.0. | |||||
| CVE-2024-53798 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in BAKKBONE Australia FloristPress.This issue affects FloristPress: from n/a through 7.3.0. | |||||
| CVE-2024-53785 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1. | |||||
| CVE-2023-51362 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Premio All-in-one Floating Contact Form – My Sticky Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All-in-one Floating Contact Form – My Sticky Elements: from n/a through 2.1.3. | |||||
| CVE-2023-51357 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through 6.5.0. | |||||
| CVE-2023-51355 | 2024-12-09 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in MultiVendorX WC Marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Marketplace: from n/a through 4.0.23. | |||||
| CVE-2023-51353 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19. | |||||
| CVE-2023-50899 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2. | |||||