Export limit exceeded: 13909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8114 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.2 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. | ||||
| CVE-2024-12349 | 2 Jfinalcms Project, Jwillber | 2 Jfinalcms, Jfinalcms | 2024-12-11 | 4.3 Medium |
| A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3315 | 1 Jenkins | 1 Team Concert | 2024-12-11 | 4.3 Medium |
| Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2024-47585 | 2024-12-10 | 4.3 Medium | ||
| SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality. | ||||
| CVE-2023-48286 | 2024-12-10 | 8.2 High | ||
| Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntricks Stripe Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through 2.0.79. | ||||
| CVE-2023-48750 | 2024-12-10 | 5.3 Medium | ||
| Missing Authorization vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.1.10. | ||||
| CVE-2023-49848 | 1 Wooproductimporter | 1 Sharkdropship Dropshipping And Affiliate | 2024-12-10 | 6.5 Medium |
| Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. | ||||
| CVE-2024-47581 | 2024-12-10 | 4.3 Medium | ||
| SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted. | ||||
| CVE-2023-50887 | 1 Userfeedback | 1 Userfeedback | 2024-12-09 | 5.3 Medium |
| Missing Authorization vulnerability in UserFeedback Team User Feedback allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through 1.0.10. | ||||
| CVE-2023-47764 | 1 Metaphorcreations | 1 Ditty | 2024-12-09 | 6.5 Medium |
| Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through 3.1.24. | ||||
| CVE-2023-47763 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.31. | ||||
| CVE-2023-47761 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through 2.0.7. | ||||
| CVE-2023-30479 | 1 Stamped | 1 Stamped | 2024-12-09 | 5.3 Medium |
| Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce: from n/a through 2.3.2. | ||||
| CVE-2023-29431 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3.0.1. | ||||
| CVE-2023-29173 | 1 Awesometogi | 1 Product Category Tree | 2024-12-09 | 5.3 Medium |
| Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a through 2.5. | ||||
| CVE-2023-28536 | 1 Acato | 1 Branded Social Images | 2024-12-09 | 5.3 Medium |
| Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Branded Social Images: from n/a through 1.1.0. | ||||
| CVE-2023-28532 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5. | ||||
| CVE-2023-28168 | 2024-12-09 | 3.7 Low | ||
| Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9. | ||||
| CVE-2023-27626 | 1 Urosevic | 1 Stock Ticker | 2024-12-09 | 5.3 Medium |
| Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0. | ||||
| CVE-2023-26522 | 1 Onewebsite | 1 Wp Repost | 2024-12-09 | 6.5 Medium |
| Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1. | ||||