Total
29703 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12919 | 1 Cozmoslabs | 1 Membership \& Content Restriction - Paid Member Subscriptions | 2025-01-22 | 9.8 Critical |
| The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site. | ||||
| CVE-2023-28369 | 1 Brother | 1 Iprint\&scan | 2025-01-22 | 3.3 Low |
| Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview. | ||||
| CVE-2023-22348 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-01-22 | 4.3 Medium |
| Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | ||||
| CVE-2023-0965 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-22 | 3.1 Low |
| Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-1132 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-22 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2024-23666 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | 7.1 High |
| A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests. | ||||
| CVE-2023-44255 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer Big Data, Fortimanager | 2025-01-21 | 3.9 Low |
| An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. | ||||
| CVE-2023-2481 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32096 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 3.1 Low |
| Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32097 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 3.1 Low |
| Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32098 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32099 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-32100 | 1 Silabs | 1 Gecko Software Development Kit | 2025-01-21 | 5.3 Medium |
| Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | ||||
| CVE-2023-31726 | 1 Alist Project | 1 Alist | 2025-01-21 | 7.5 High |
| AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2022-40633 | 1 Rittal | 2 Cmc Iii, Cmc Iii Firmware | 2025-01-17 | 4.6 Medium |
| A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks. | ||||
| CVE-2024-33510 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-01-17 | 3.6 Low |
| An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. | ||||
| CVE-2024-47906 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | 7.8 High |
| Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | ||||
| CVE-2024-8539 | 4 Apple, Ivanti, Linux and 1 more | 4 Macos, Secure Access Client, Linux Kernel and 1 more | 2025-01-17 | 7.1 High |
| Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | ||||
| CVE-2024-9842 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | 7.3 High |
| Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | ||||
| CVE-2024-7571 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | 7.8 High |
| Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||