Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35237 | 2024-11-21 | N/A | 7.5 HIGH | ||
| MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: The instance of IdentiBot is tied to a "public" Discord application—i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated. | |||||
| CVE-2024-35174 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42. | |||||
| CVE-2024-35168 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1. | |||||
| CVE-2024-34826 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler.This issue affects Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler: from n/a through 1.6.4. | |||||
| CVE-2024-34824 | 1 Themeboy | 1 Sportspress | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. | |||||
| CVE-2024-34822 | 1 Wedevs | 1 Wemail | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2. | |||||
| CVE-2024-34821 | 1 Contactlistpro | 1 Contact List | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87. | |||||
| CVE-2024-34820 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1. | |||||
| CVE-2024-34819 | 1 Moreconvert | 1 Woocommerce Wishlist | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2. | |||||
| CVE-2024-34815 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5. | |||||
| CVE-2024-34813 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8. | |||||
| CVE-2024-34804 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8. | |||||
| CVE-2024-34803 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | |||||
| CVE-2024-34802 | 1 Wpfoxly | 1 Adfoxly | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | |||||
| CVE-2024-34768 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | |||||
| CVE-2024-34763 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5. | |||||
| CVE-2024-34758 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. | |||||
| CVE-2024-34753 | 1 Softlabbd | 1 Radio Player | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | |||||
| CVE-2024-34691 | 1 Sap | 1 S\/4 Hana | 2024-11-21 | N/A | 6.5 MEDIUM |
| Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system. | |||||
| CVE-2024-34690 | 1 Sap | 1 Student Life Cycle Management | 2024-11-21 | N/A | 5.4 MEDIUM |
| SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application. | |||||