Export limit exceeded: 10484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30485 | 1 Xlplugins | 1 Finale | 2024-11-21 | 8.8 High |
| Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. | ||||
| CVE-2024-30484 | 1 Risethemes | 1 Rt Easy Builder | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0. | ||||
| CVE-2024-30470 | 1 Yithemes | 1 Woocommerce Account Funds | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. | ||||
| CVE-2024-30467 | 1 Wpdeveloper | 1 Essential Blocks | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9. | ||||
| CVE-2024-30466 | 1 Onthegosystems | 1 Woocommerce Multilingual \& Multicurrency | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | ||||
| CVE-2024-30465 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1. | ||||
| CVE-2024-30464 | 1 Wpzoom | 1 Social Icons Widget | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15. | ||||
| CVE-2024-2743 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. | ||||
| CVE-2024-25929 | 1 Multivendorx | 1 Product Catalog Mode For Woocommerce | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5. | ||||
| CVE-2024-25643 | 1 Sap | 1 Fiori | 2024-11-21 | 4.3 Medium |
| The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. | ||||
| CVE-2024-25092 | 1 Xlplugins | 1 Nextmove | 2024-11-21 | 8.8 High |
| Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0. | ||||
| CVE-2024-24822 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | 6.5 Medium |
| Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. | ||||
| CVE-2024-24774 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.4 Low |
| Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | ||||
| CVE-2024-24751 | 1 Derhansen | 1 Event Management And Registration | 2024-11-21 | 4.3 Medium |
| sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-24741 | 1 Sap | 1 Master Data Governance For Material Data | 2024-11-21 | 4.3 Medium |
| SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability. | ||||
| CVE-2024-24716 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.6. | ||||
| CVE-2024-24704 | 1 Addonmaster | 1 Load More Anything | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3. | ||||
| CVE-2024-23669 | 1 Fortinet | 2 Fortiweb Manager, Fortiwebmanager | 2024-11-21 | 6.4 Medium |
| An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | ||||
| CVE-2024-23653 | 1 Mobyproject | 1 Buildkit | 2024-11-21 | 9.8 Critical |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. | ||||
| CVE-2024-23629 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-11-21 | 9.6 Critical |
| An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. | ||||