Total
7690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23521 | 1 Happyforms | 1 Happyforms | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10. | ||||
| CVE-2024-23504 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. | ||||
| CVE-2024-23503 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6. | ||||
| CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28. | ||||
| CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13. | ||||
| CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. | ||||
| CVE-2023-6038 | 1 H2o | 1 H2o | 2024-11-21 | 7.5 High |
| A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3. | ||||
| CVE-2023-6020 | 1 Ray Project | 1 Ray | 2024-11-21 | 7.5 High |
| LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. | ||||
| CVE-2023-6001 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 5.3 Medium |
| Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment. | ||||
| CVE-2023-5949 | 1 Wpmudev | 1 Smartcrawl | 2024-11-21 | 7.5 High |
| The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. | ||||
| CVE-2023-5862 | 1 Hamza417 | 1 Inure | 2024-11-21 | 3.3 Low |
| Missing Authorization in GitHub repository hamza417/inure prior to Build95. | ||||
| CVE-2023-5737 | 1 Webtoffee | 1 Backup And Migration | 2024-11-21 | 4.3 Medium |
| The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. | ||||
| CVE-2023-5525 | 1 Limitloginattempts | 1 Limit Login Attempts Reloaded | 2024-11-21 | 4.3 Medium |
| The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin. | ||||
| CVE-2023-5331 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | ||||
| CVE-2023-5321 | 1 Hamza417 | 1 Inure | 2024-11-21 | 5.5 Medium |
| Missing Authorization in GitHub repository hamza417/inure prior to build94. | ||||
| CVE-2023-5165 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 7.1 High |
| Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | ||||
| CVE-2023-52275 | 1 Tecno-mobile | 2 Camon X, Camon X Firmware | 2024-11-21 | 2.1 Low |
| Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. | ||||
| CVE-2023-52232 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | ||||
| CVE-2023-52230 | 1 Booster | 1 Booster For Woocommerce | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | ||||
| CVE-2023-52217 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||