Export limit exceeded: 10499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5321 | 1 Hamza417 | 1 Inure | 2024-11-21 | 5.5 Medium |
| Missing Authorization in GitHub repository hamza417/inure prior to build94. | ||||
| CVE-2023-5195 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 6.5 Medium |
| Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of | ||||
| CVE-2023-5194 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 2.7 Low |
| Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager | ||||
| CVE-2023-5193 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.9 Medium |
| Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | ||||
| CVE-2023-5165 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 7.1 High |
| Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | ||||
| CVE-2023-5159 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 3.8 Low |
| Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | ||||
| CVE-2023-52275 | 1 Tecno-mobile | 2 Camon X, Camon X Firmware | 2024-11-21 | 2.1 Low |
| Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | ||||
| CVE-2023-52232 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | ||||
| CVE-2023-52230 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | ||||
| CVE-2023-52217 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
| CVE-2023-52186 | 1 Woo | 1 Product Vendors | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. | ||||
| CVE-2023-52117 | 1 Metagauss | 1 Profilegrid | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6. | ||||
| CVE-2023-52077 | 1 Nexryai | 1 Nexkey | 2024-11-21 | 8.9 High |
| Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server settings, as well as compromise object storage and email server credentials. This issue has been patched in 12.23Q4.5. | ||||
| CVE-2023-51682 | 1 Ibericode | 1 Mailchimp | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9. | ||||
| CVE-2023-51680 | 1 Technovama | 1 Quotes For Woocommerce | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1. | ||||
| CVE-2023-51679 | 1 Bulkgate | 1 Sms Plugin For Woocommerce | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. | ||||
| CVE-2023-51671 | 1 Funnelkit | 1 Funnelkit Checkout | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | ||||
| CVE-2023-51670 | 1 Funnelkit | 1 Funnelkit Checkout | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | ||||
| CVE-2023-51649 | 1 Networktocode | 1 Nautobot | 2024-11-21 | 3.5 Low |
| Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 | ||||
| CVE-2023-51537 | 1 Awesomesupport | 1 Awesome Support Wordpress Helpdesk \& Support | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5. | ||||