Export limit exceeded: 14084 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10498 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38369 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 10 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe. | ||||
| CVE-2024-38329 | 1 Ibm | 1 Storage Protect For Virtual Environments | 2024-11-21 | 7.7 High |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. | ||||
| CVE-2024-37542 | 1 Wpdevart | 1 Gallery | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||
| CVE-2024-37317 | 1 Nextcloud | 1 Notes | 2024-11-21 | 4.6 Medium |
| The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3. | ||||
| CVE-2024-37314 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 Low |
| Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2. | ||||
| CVE-2024-37176 | 1 Sap | 1 Bw\/4hana | 2024-11-21 | 5.5 Medium |
| SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application. | ||||
| CVE-2024-37175 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2024-11-21 | 4.3 Medium |
| SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information. | ||||
| CVE-2024-37172 | 1 Sap | 2 S4core, S\/4hana | 2024-11-21 | 5.4 Medium |
| SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no impact on the integrity. | ||||
| CVE-2024-37154 | 1 Evmos | 1 Evmos | 2024-11-21 | 5.3 Medium |
| Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and earlier. | ||||
| CVE-2024-37111 | 1 Wishlistmember | 1 Wishlist Member X | 2024-11-21 | 7.5 High |
| Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
| CVE-2024-36113 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.9 Medium |
| Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available. | ||||
| CVE-2024-35748 | 1 Opmc | 1 Woocommerce Dropshipping | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. | ||||
| CVE-2024-35742 | 1 Codeparrots | 1 Easy Forms For Mailchimp | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | ||||
| CVE-2024-35741 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7. | ||||
| CVE-2024-35735 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. | ||||
| CVE-2024-35727 | 1 Actpro | 1 Extra Product Options For Woocommerce | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. | ||||
| CVE-2024-35726 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration. Create Woocommerce Member Pages | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19. | ||||
| CVE-2024-35725 | 1 La-studioweb | 1 Element Kit For Elementor | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6. | ||||
| CVE-2024-35724 | 1 Bosathemes | 1 Bosa Elementor Addons And Templates For Woocommerce | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12. | ||||
| CVE-2024-35722 | 1 Awplife | 1 Slider Responsive Slideshow | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0. | ||||