Export limit exceeded: 343843 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7641 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24850 | 2024-11-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | ||||
| CVE-2024-24822 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | 6.5 Medium |
| Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. | ||||
| CVE-2024-24741 | 1 Sap | 1 Master Data Governance For Material Data | 2024-11-21 | 4.3 Medium |
| SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. | ||||
| CVE-2024-24716 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6. | ||||
| CVE-2024-24711 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
| CVE-2024-24704 | 1 Addonmaster | 1 Load More Anything | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3. | ||||
| CVE-2024-23524 | 1 Ontraport | 1 Pilotpress | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30. | ||||
| CVE-2024-23521 | 1 Happyforms | 1 Happyforms | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10. | ||||
| CVE-2024-23518 | 2024-11-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6. | ||||
| CVE-2024-23504 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. | ||||
| CVE-2024-23503 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6. | ||||
| CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28. | ||||
| CVE-2024-22156 | 1 Snpdigital | 1 Salesking Wordpress | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | ||||
| CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13. | ||||
| CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. | ||||
| CVE-2024-1350 | 2024-11-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | ||||
| CVE-2024-1137 | 2024-11-21 | 4.3 Medium | ||
| The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. | ||||
| CVE-2024-0394 | 2024-11-21 | 7.8 High | ||
| Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users. The vulnerability has been remediated and fixed in version 4.5.5. | ||||
| CVE-2023-6038 | 1 H2o | 1 H2o | 2024-11-21 | 7.5 High |
| A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3. | ||||
| CVE-2023-6020 | 1 Ray Project | 1 Ray | 2024-11-21 | 7.5 High |
| LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. | ||||