Total
7696 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33995 | 2024-12-13 | 4.3 Medium | ||
| Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. | ||||
| CVE-2023-39997 | 2024-12-13 | 5.3 Medium | ||
| Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19. | ||||
| CVE-2024-5318 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts. | ||||
| CVE-2024-8114 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 8.2 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. | ||||
| CVE-2024-12349 | 2 Jfinalcms Project, Jwillber | 2 Jfinalcms, Jfinalcms | 2024-12-11 | 4.3 Medium |
| A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3315 | 1 Jenkins | 1 Team Concert | 2024-12-11 | 4.3 Medium |
| Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2023-47805 | 1 Themewinter | 1 Wpcafe | 2024-12-09 | 5.3 Medium |
| Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22. | ||||
| CVE-2022-1384 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.7 Medium |
| Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. | ||||
| CVE-2023-27263 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | ||||
| CVE-2023-27264 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 7.1 High |
| A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | ||||
| CVE-2023-1774 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.2 Medium |
| When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. | ||||
| CVE-2023-2193 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 6.5 Medium |
| Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | ||||
| CVE-2023-2783 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | ||||
| CVE-2023-2784 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.2 Medium |
| Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. | ||||
| CVE-2023-2786 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. | ||||
| CVE-2023-2787 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 6.5 Medium |
| Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API. | ||||
| CVE-2023-2788 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 6.2 Medium |
| Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated. | ||||
| CVE-2023-2791 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post. | ||||
| CVE-2023-21173 | 1 Google | 1 Android | 2024-12-05 | 5.5 Medium |
| In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 | ||||
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2024-12-05 | 8.8 High |
| POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | ||||