Total
4883 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48273 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2. | |||||
| CVE-2023-48247 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-48245 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-47870 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6. | |||||
| CVE-2023-47828 | 1 Millermedia | 1 Mandrill | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. | |||||
| CVE-2023-47788 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7. | |||||
| CVE-2023-47783 | 2024-11-21 | N/A | 8.3 HIGH | ||
| Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | |||||
| CVE-2023-47771 | 2024-11-21 | N/A | 8.3 HIGH | ||
| Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18. | |||||
| CVE-2023-47754 | 1 Cleverplugins | 1 Delete Duplicate Posts | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9. | |||||
| CVE-2023-47681 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0. | |||||
| CVE-2023-47573 | 1 Relyum | 4 Rely-pcie, Rely-pcie Firmware, Rely-rec and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions. | |||||
| CVE-2023-47148 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | |||||
| CVE-2023-46652 | 1 Jenkins | 1 Lambdatest-automation | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. | |||||
| CVE-2023-46354 | 1 Myprestamodules | 1 Orders \(csv\, Excel\) Export Pro | 2024-11-21 | N/A | 7.5 HIGH |
| In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address. | |||||
| CVE-2023-46352 | 1 Smartmodules | 1 Facebookconversiontrackingplus | 2024-11-21 | N/A | 7.5 HIGH |
| In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email. | |||||
| CVE-2023-46212 | 1 Wpvnteam | 1 Wp Extra | 2024-11-21 | N/A | 6.3 MEDIUM |
| Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2. | |||||
| CVE-2023-46148 | 1 Themify | 1 Ultra | 2024-11-21 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-46146 | 1 Themify | 1 Ultra | 2024-11-21 | N/A | 8.3 HIGH |
| Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-45658 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3. | |||||
| CVE-2023-45370 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | |||||