Total
5224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44082 | 1 Redhat | 3 Openshift, Openshift Ironic, Openstack | 2024-11-07 | 4.3 Medium |
| In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. | ||||
| CVE-2024-50459 | 1 Hmplugin | 2 Accept Stripe Donation - Aidwp, Aidwp | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | ||||
| CVE-2024-21250 | 1 Oracle | 1 Process Manufacturing Product Development | 2024-11-06 | 8.1 High |
| Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Product Development accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Product Development accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-9109 | 1 Octolize | 1 Woocommerce Ups Shipping | 2024-11-06 | 4.3 Medium |
| The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key. | ||||
| CVE-2024-43924 | 1 Dfactory | 1 Responsive Lightbox | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | ||||
| CVE-2024-9686 | 1 Choplugins | 1 Order Notification For Telegram | 2024-11-06 | 5.3 Medium |
| The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings. | ||||
| CVE-2024-49357 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2024-11-06 | 7.5 High |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_order.json` and `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/system.json`, expose sensitive data like installed applications and system information without requiring any authentication or authorization. This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. As of time of publication, no known patched versions are available. | ||||
| CVE-2024-48932 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2024-11-06 | 5.3 Medium |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available. | ||||
| CVE-2024-43219 | 1 Woocommerce | 1 Persian-woocommerce | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. | ||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2024-11-05 | 4.3 Medium |
| Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16. | ||||
| CVE-2024-43290 | 1 Atarim | 1 Atarim | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.1. | ||||
| CVE-2024-43277 | 1 Ayecode | 1 Userswp | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15. | ||||
| CVE-2024-43274 | 1 Jshelpdesk | 1 Jshelpdesk | 2024-11-05 | 5.8 Medium |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. | ||||
| CVE-2024-43270 | 1 Wpbackitup | 1 Wp Backitup | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||
| CVE-2024-43120 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | ||||
| CVE-2024-9584 | 1 Webcraftplugins | 1 Image Map Pro | 2024-11-05 | 5.4 Medium |
| The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects. | ||||
| CVE-2024-43212 | 1 Magepeople | 1 Wptravelly | 2024-11-05 | 7.5 High |
| Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7. | ||||
| CVE-2024-43209 | 1 Bitly | 1 Bitly | 2024-11-05 | 6.5 Medium |
| Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. | ||||
| CVE-2024-38771 | 1 Atarim | 1 Atarim | 2024-11-05 | 6.5 Medium |
| Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0. | ||||
| CVE-2024-38745 | 1 Rymera | 1 Wholesale Suite | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12. | ||||