Total: 4661 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-54369 | | | 2024-12-16 | N/A | 9.1 CRITICAL |
Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Zita Site Builder: from n/a through 1.0.2. | |||||
CVE-2024-54359 | | | 2024-12-16 | N/A | 8.2 HIGH |
Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Banner System: from n/a through 1.0.0. | |||||
CVE-2024-54354 | | | 2024-12-16 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS. This issue affects Termin-Kalender: from n/a through 0.99.47. | |||||
CVE-2024-28230 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | N/A | 6.5 MEDIUM |
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | |||||
CVE-2024-12553 | | | 2024-12-13 | N/A | 6.5 MEDIUM |
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394. | |||||
CVE-2023-40105 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40113 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-5318 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 4.0 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts. | |||||
CVE-2024-55879 | | | 2024-12-13 | N/A | 9.1 CRITICAL |
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading. | |||||
CVE-2024-55876 | | | 2024-12-13 | N/A | 5.4 MEDIUM |
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch. | |||||
CVE-2024-54326 | | | 2024-12-13 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GEO my WordPress: from n/a through 4.5.0.4. | |||||
CVE-2024-54323 | | | 2024-12-13 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in WPExpertsio New User Approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through 2.6.2. | |||||
CVE-2024-54311 | | | 2024-12-13 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mark New Posts: from n/a through 7.5.1. | |||||
CVE-2024-54310 | | | 2024-12-13 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gou Manage My Account Menu: from n/a through 1.0.1.8. | |||||
CVE-2024-54298 | | | 2024-12-13 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Bill Minozzi Car Dealer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Car Dealer: from n/a through 4.46. | |||||
CVE-2024-54289 | | | 2024-12-13 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Awesome Support: from n/a through 6.3.0. | |||||
CVE-2024-54278 | | | 2024-12-13 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects News Ticker for Elementor: from n/a through 2.1.3. | |||||
CVE-2024-54271 | | | 2024-12-13 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in WPTaskForce WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | |||||
CVE-2024-54267 | | | 2024-12-13 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in CreativeMindsSolutions CM Answers allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Answers: from n/a through 3.2.6. | |||||
CVE-2024-54256 | | | 2024-12-13 | N/A | 7.1 HIGH |
Missing Authorization vulnerability in Seerox Easy Blocks pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Easy Blocks pro: from n/a through 1.0.21. |