Total: 29700 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2496 | 1 Granthweb | 1 Go Pricing | 2025-01-13 | 7.1 High |
| The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2023-2734 | 1 Inspireui | 1 Mstore Api | 2025-01-13 | 9.8 Critical |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | ||||
| CVE-2023-2733 | 1 Inspireui | 1 Mstore Api | 2025-01-13 | 9.8 Critical |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | ||||
| CVE-2023-2732 | 1 Inspireui | 1 Mstore Api | 2025-01-13 | 9.8 Critical |
| The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. | ||||
| CVE-2024-39727 | 1 Ibm | 2 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights | 2025-01-10 | 6.1 Medium |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser. | ||||
| CVE-2023-33198 | 1 Tgstation13 | 1 Tgstation-server | 2025-01-10 | 6.1 Medium |
| tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise. | ||||
| CVE-2025-0211 | 1 Campcodes | 1 School Faculty Scheduling System | 2025-01-10 | 6.3 Medium |
| A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-33189 | 1 Pomerium | 1 Pomerium | 2025-01-10 | 10 Critical |
| Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2. | ||||
| CVE-2024-54096 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-10 | 5.3 Medium |
| Vulnerability of improper access control in the MTP module. Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. | ||||
| CVE-2023-23562 | 1 Stormshield | 1 Endpoint Security | 2025-01-10 | 4.3 Medium |
| Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters. | ||||
| CVE-2024-1902 | 1 Lunary | 1 Lunary | 2025-01-10 | 7.5 High |
| lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route. | ||||
| CVE-2024-23360 | 1 Qualcomm | 26 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 23 more | 2025-01-09 | 8.4 High |
| Memory corruption while creating an LPAC client, as the LPAC engine was allowed to access GPU registers. | ||||
| CVE-2023-2758 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 3.7 Low |
| A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time. | ||||
| CVE-2016-10408 | 1 Qualcomm | 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8037 and 7 more | 2025-01-09 | 7.8 High |
| QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | ||||
| CVE-2023-28657 | 1 Contec | 1 Conprosys Hmi System | 2025-01-09 | 8.8 High |
| Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user. | ||||
| CVE-2024-6449 | 1 Hyperview | 1 Geoportal Toolkit | 2025-01-09 | 6.5 Medium |
| HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed to by one of the GET request parameters. An unauthenticated remote attacker can prepare links which, upon opening, will load scripts from a remote location controlled by the attacker and execute them in the user space. By manipulating this parameter it is also possible to enumerate some of the devices in the Local Area Network in which the server resides. | ||||
| CVE-2023-22647 | 1 Suse | 1 Rancher | 2025-01-09 | 9.9 Critical |
| An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | ||||
| CVE-2024-25964 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5.3 Medium |
| Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contains a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-25966 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 5.3 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2024-25965 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 6.1 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contain an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service. | ||||