Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51377 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3. | |||||
| CVE-2023-51376 | 1 Brainstormforce | 1 Surefeedback | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | |||||
| CVE-2023-51375 | 1 Wpdeveloper | 1 Embedpress | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.8.3. | |||||
| CVE-2023-50976 | 1 Redpanda | 1 Redpanda | 2024-11-21 | N/A | 9.8 CRITICAL |
| Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. | |||||
| CVE-2023-50779 | 1 Jenkins | 1 Paaslane Estimate | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. | |||||
| CVE-2023-50769 | 1 Jenkins | 1 Nexus Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-50767 | 1 Jenkins | 1 Nexus Platform | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | |||||
| CVE-2023-50765 | 1 Jenkins | 1 Scriptler | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | |||||
| CVE-2023-4943 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2024-11-21 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | |||||
| CVE-2023-4941 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2024-11-21 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | |||||
| CVE-2023-4938 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2024-11-21 | N/A | 4.3 MEDIUM |
| The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | |||||
| CVE-2023-4895 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of projects | |||||
| CVE-2023-4700 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.5 LOW |
| An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | |||||
| CVE-2023-4668 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths. | |||||
| CVE-2023-4645 | 1 Igorfuna | 1 Ad Inserter | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled. | |||||
| CVE-2023-4637 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. | |||||
| CVE-2023-4630 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.0 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. | |||||
| CVE-2023-4606 | 1 Lenovo | 104 Thinkagile Hx1331, Thinkagile Hx1331 Firmware, Thinkagile Hx2330 and 101 more | 2024-11-21 | N/A | 8.1 HIGH |
| An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | |||||
| CVE-2023-4468 | 1 Poly | 4 Lens, Trio 8800, Trio 8800 Firmware and 1 more | 2024-11-21 | 4.6 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | |||||
| CVE-2023-4434 | 1 Hamza417 | 1 Inure | 2024-11-21 | N/A | 6.1 MEDIUM |
| Missing Authorization in GitHub repository hamza417/inure prior to build88. | |||||