Export limit exceeded: 362867 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12599 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28612 1 Custom Popup Builder Project 1 Custom Popup Builder 2025-02-20 5.4 Medium
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
CVE-2022-28666 1 Yikesinc 1 Custom Product Tabs For Woocommerce 2025-02-20 5.3 Medium
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.
CVE-2022-41652 1 Expresstech 1 Quiz And Survey Master 2025-02-20 6.5 Medium
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-41155 1 Webence 1 Iq Block Country 2025-02-20 5.3 Medium
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
CVE-2022-36296 1 Jumpdemand 1 Activedemand 2025-02-20 6.5 Medium
Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete.
CVE-2022-34149 1 Miniorange 1 Wp Oauth Server 2025-02-20 9.8 Critical
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
CVE-2021-36913 1 Redirection-for-contact-form7 1 Redirection For Contact Form 7 2025-02-20 7.5 High
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.
CVE-2022-41135 1 Wpchill 1 Customizable Wordpress Gallery Plugin - Modula Image Gallery 2025-02-20 6.5 Medium
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
CVE-2022-40208 1 Moodle 1 Moodle 2025-02-20 4.3 Medium
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
CVE-2024-4819 1 Campcodes 1 Online Laundry Management System 2025-02-20 4.3 Medium
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263940.
CVE-2024-56511 1 Dataease 1 Dataease 2025-02-20 9.8 Critical
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, ”request.getRequestURI“ is used to obtain the request URL, and it is passed to the "WhitelistUtils.match" method to determine whether the URL request is an interface that does not require authentication. The "match" method filters semicolons, but this is not enough. When users set "server.servlet.context-path" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4.
CVE-2024-8943 1 Latepoint 1 Latepoint 2025-02-20 9.8 Critical
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the "Use WordPress users as customers" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.
CVE-2023-27517 1 Intel 16 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 13 more 2025-02-20 6.6 Medium
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
CVE-2022-24972 1 Tp-link 2 Tl-wr940n, Tl-wr940n Firmware 2025-02-19 6.5 Medium
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.
CVE-2024-9946 1 Heateor 1 Super Socializer 2025-02-19 8.1 High
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68.
CVE-2024-9488 1 Gvectors 1 Wpdiscuz 2025-02-19 9.8 Critical
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVE-2023-1647 1 Cal 1 Cal.com 2025-02-19 8.8 High
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVE-2022-4126 4 Abb, Apple, Linux and 1 more 4 Rccmd, Macos, Linux Kernel and 1 more 2025-02-19 9.6 Critical
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.
CVE-2023-25817 1 Nextcloud 1 Nextcloud Server 2025-02-19 3.5 Low
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability.
CVE-2025-1044 1 Logsign 1 Unified Secops Platform 2025-02-18 9.8 Critical
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25336.