Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27963 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-01-29 | N/A | 7.5 HIGH |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. | |||||
| CVE-2024-9161 | 1 Rankmath | 1 Seo | 2025-01-29 | N/A | 6.5 MEDIUM |
| The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators. | |||||
| CVE-2024-10294 | 1 Ce21 | 1 Ce21 Suite | 2025-01-29 | N/A | 6.5 MEDIUM |
| The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings. | |||||
| CVE-2024-32714 | 1 Kodezen | 1 Academy Lms | 2025-01-29 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. | |||||
| CVE-2024-9587 | 1 Linkz.ai | 1 Linkz.ai | 2025-01-29 | N/A | 5.4 MEDIUM |
| The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings. | |||||
| CVE-2024-9586 | 1 Linkz.ai | 1 Linkz.ai | 2025-01-29 | N/A | 6.5 MEDIUM |
| The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings. | |||||
| CVE-2023-31047 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2025-01-29 | N/A | 9.8 CRITICAL |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | |||||
| CVE-2024-11852 | 1 Bdthemes | 1 Element Pack | 2025-01-29 | N/A | 4.3 MEDIUM |
| The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. | |||||
| CVE-2024-24840 | 1 Bdthemes | 1 Element Pack | 2025-01-29 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. | |||||
| CVE-2022-47493 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-47492 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-47490 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 5.5 MEDIUM |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-48245 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48244 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48243 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2024-1042 | 1 Wpmilitary | 1 Wp Radio | 2025-01-28 | N/A | 6.4 MEDIUM |
| The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. | |||||
| CVE-2022-48368 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48250 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48249 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48248 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||