Export limit exceeded: 10410 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10410 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37123 | 1 Vowelweb | 1 Ibtana | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3. | ||||
| CVE-2024-37456 | 1 Noptin | 1 Noptin | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2. | ||||
| CVE-2024-37425 | 2024-11-01 | 5.4 Medium | ||
| Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8. | ||||
| CVE-2024-37427 | 1 Arraytics | 1 Timetics | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21. | ||||
| CVE-2024-37439 | 1 Uncannyowl | 1 Uncanny Toolkit Pro For Learndash | 2024-11-01 | 5.4 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0 | ||||
| CVE-2024-37443 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0. | ||||
| CVE-2024-37468 | 1 Blazethemes | 1 Newsmatic | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1. | ||||
| CVE-2024-37475 | 1 Automattic | 1 Newspack Newsletters | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2. | ||||
| CVE-2024-37477 | 2024-11-01 | 6.5 Medium | ||
| Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5. | ||||
| CVE-2024-37506 | 1 Wpcharitable | 1 Charitable | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | ||||
| CVE-2024-37510 | 1 Wpcharitable | 1 Charitable | 2024-11-01 | 6.5 Medium |
| Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | ||||
| CVE-2024-20482 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role. This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration. | ||||
| CVE-2024-49501 | 2024-11-01 | N/A | ||
| Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function. | ||||
| CVE-2024-8691 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-01 | 7.1 High |
| A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this vulnerability are disconnected from GlobalProtect. Upon exploitation, PAN-OS logs indicate that the impersonated user authenticated to GlobalProtect, which hides the identity of the attacker. | ||||
| CVE-2024-42934 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-10-31 | 5 Medium |
| OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | ||||
| CVE-2022-30358 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. | ||||
| CVE-2022-30356 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege. | ||||
| CVE-2024-20420 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user. | ||||
| CVE-2024-20463 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. | ||||
| CVE-2021-26387 | 2024-10-30 | 3.9 Low | ||
| Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity. | ||||