Total
4661 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-37544 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Tobias Conrad Get Better Reviews for WooCommerce. This issue affects Get Better Reviews for WooCommerce: from n/a through 4.0.6. | |||||
CVE-2024-37542 | 1 Wpdevart | 1 Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | |||||
CVE-2024-37317 | 1 Nextcloud | 1 Notes | 2024-11-21 | N/A | 4.6 MEDIUM |
The Nextcloud Notes app is a distraction-free note-taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder to store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3. | |||||
CVE-2024-37314 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2. | |||||
CVE-2024-37296 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue. | |||||
CVE-2024-37202 | | | 2024-11-21 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS). This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16. | |||||
CVE-2024-37176 | 1 Sap | 1 Bw/4hana | 2024-11-21 | N/A | 5.5 MEDIUM |
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application. | |||||
CVE-2024-37175 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2024-11-21 | N/A | 4.3 MEDIUM |
SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information. | |||||
CVE-2024-37172 | 1 Sap | 2 S4core, S/4hana | 2024-11-21 | N/A | 5.4 MEDIUM |
SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no impact on the integrity. | |||||
CVE-2024-37111 | 1 Wishlistmember | 1 Wishlist Member X | 2024-11-21 | N/A | 7.5 HIGH |
Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. | |||||
CVE-2024-36995 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 5.4 MEDIUM |
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items. | |||||
CVE-2024-36113 | 1 Discourse | 1 Discourse | 2024-11-21 | N/A | 4.9 MEDIUM |
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available. | |||||
CVE-2024-36036 | | | 2024-11-21 | N/A | 4.2 MEDIUM |
Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to access sensitive information and modify the agent configuration. | |||||
CVE-2024-35748 | 1 Opmc | 1 Woocommerce Dropshipping | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. | |||||
CVE-2024-35742 | 1 Codeparrots | 1 Easy Forms For Mailchimp | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | |||||
CVE-2024-35741 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. | |||||
CVE-2024-35735 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. | |||||
CVE-2024-35729 | 1 Tickera | 1 Tickera | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Tickera. This issue affects Tickera: from n/a through 3.5.2.6. | |||||
CVE-2024-35727 | 1 Actpro | 1 Extra Product Options For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. | |||||
CVE-2024-35726 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration. Create Woocommerce Member Pages | 2024-11-21 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through 3.4.19. |