Total
5225 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000388 | 1 Jenkins | 1 Dependency Graph Viewer | 2024-11-21 | N/A |
| Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | ||||
| CVE-2016-11036 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | ||||
| CVE-2015-20067 | 1 Wp Attachment Export Project | 1 Wp Attachment Export | 2024-11-21 | 7.5 High |
| The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress | ||||
| CVE-2013-4226 | 1 Drupal | 1 Authenticated User Page Caching | 2024-11-21 | 6.5 Medium |
| The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | ||||
| CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 2 Satellite, Restful Web Services | 2024-11-21 | 8.8 High |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
| CVE-2013-3960 | 1 Easytimestudio | 1 Easy File Manager | 2024-11-21 | 9.9 Critical |
| Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass | ||||
| CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | ||||
| CVE-2012-6614 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 7.2 High |
| D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | ||||
| CVE-2012-0055 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. | ||||
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | ||||
| CVE-2024-10897 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2024-11-20 | 4.3 Medium |
| The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin. | ||||
| CVE-2024-52395 | 1 Quantumcloud | 1 Floating Buttons | 2024-11-20 | 5.3 Medium |
| Missing Authorization vulnerability in QunatumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8. | ||||
| CVE-2024-48898 | 1 Moodle | 1 Moodle | 2024-11-20 | 6.5 Medium |
| A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from. | ||||
| CVE-2024-51671 | 2024-11-20 | 2.7 Low | ||
| Missing Authorization vulnerability in ThemeIsle Otter - Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through 3.0.3. | ||||
| CVE-2024-49689 | 2024-11-20 | 5.4 Medium | ||
| Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through 0.5. | ||||
| CVE-2024-10390 | 2024-11-19 | 6.4 Medium | ||
| The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2024-11-19 | 5.3 Medium |
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||
| CVE-2024-11194 | 1 Techlabpro1 | 1 Classified Listing Plugin | 2024-11-19 | 8.8 High |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. | ||||
| CVE-2024-10582 | 1 Smartwpress | 1 Music Player For Elementor | 2024-11-19 | 4.3 Medium |
| The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates. | ||||
| CVE-2024-43323 | 2 Reviewx, Wpdeveloper | 2 Reviewx, Reviewx | 2024-11-19 | 5.3 Medium |
| Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. | ||||