Total
837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-21 | N/A | 5.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | |||||
| CVE-2023-41368 | 1 Sap | 1 S\/4 Hana | 2024-11-21 | N/A | 2.7 LOW |
| The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. | |||||
| CVE-2023-41356 | 1 Wisdomgarden | 1 Tronclass Ilearn | 2024-11-21 | N/A | 6.5 MEDIUM |
| NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | |||||
| CVE-2023-40720 | 1 Fortinet | 1 Fortivoice | 2024-11-21 | N/A | 7.1 HIGH |
| An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests. | |||||
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 6.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-3290 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 5.0 MEDIUM |
| A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. | |||||
| CVE-2023-3289 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 7.7 HIGH |
| A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. | |||||
| CVE-2023-3288 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 8.5 HIGH |
| A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. | |||||
| CVE-2023-3287 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL |
| A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. | |||||
| CVE-2023-3286 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 7.7 HIGH |
| A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. | |||||
| CVE-2023-3285 | 2024-11-21 | N/A | 7.7 HIGH | ||
| A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation. | |||||
| CVE-2023-3219 | 1 Myeventon | 1 Eventon | 2024-11-21 | N/A | 5.3 MEDIUM |
| The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post. | |||||
| CVE-2023-3066 | 1 Mobatime | 1 Amxgt 100 | 2024-11-21 | N/A | 8.1 HIGH |
| Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. | |||||
| CVE-2023-3048 | 1 Tmtmakine | 2 Lockcell, Lockcell Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15. | |||||
| CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | |||||
| CVE-2023-38884 | 1 Os4ed | 1 Opensis | 2024-11-21 | N/A | 7.5 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | |||||
| CVE-2023-38872 | 1 Economizzer | 1 Economizzer | 2024-11-21 | N/A | 3.7 LOW |
| An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | |||||
| CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2024-11-21 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | |||||
| CVE-2023-38201 | 3 Fedoraproject, Keylime, Redhat | 9 Fedora, Keylime, Enterprise Linux and 6 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. | |||||
| CVE-2023-38055 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.6 CRITICAL |
| A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | |||||