| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variables beyond their intended authorization level. |
| SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. |
| Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7.
|
| Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6.
|
| Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9. |
| Missing Authorization vulnerability in Crocoblock JetMenu jet-menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetMenu: from n/a through <= 2.4.9. |
| Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3.
|
| The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems. |
| The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values. |
| Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.
|
| Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
|
| Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.
|
| Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38.
|
| Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.
|
| Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31.
|
| Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15.
|
| Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.
|
| In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions. |
| Missing Authorization vulnerability in SiteGround Speed Optimizer.This issue affects Speed Optimizer: from n/a through 7.4.6.
|
| Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.
|
