Search Results (10670 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31669 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | 6.4 Medium |
| Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | ||||
| CVE-2024-3379 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai/lunary | 2024-11-18 | 9.6 Critical |
| In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7. | ||||
| CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-15 | 4.3 Medium |
| A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-49376 | 1 Autolabproject | 1 Autolab | 2024-11-14 | 8.8 High |
| Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist. | ||||
| CVE-2024-42000 | 1 Mattermost | 1 Mattermost Server | 2024-11-14 | 2.7 Low |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels. | ||||
| CVE-2024-50310 | 1 Siemens | 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware | 2024-11-13 | 7.5 High |
| A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem. | ||||
| CVE-2024-43919 | 1 Yarpp | 2 Yarpp, Yet Another Related Posts Plugin | 2024-11-13 | 5.3 Medium |
| Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | ||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | 8.1 High |
| Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | ||||
| CVE-2024-43314 | 1 Gabelivan | 1 Asset Cleanup | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. | ||||
| CVE-2024-43332 | 1 Meowapps | 1 Photo Engine | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Engine: from n/a through 6.4.0. | ||||
| CVE-2024-43341 | 1 Cozythemes | 1 Hello Agency | 2024-11-13 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5. | ||||
| CVE-2024-43343 | 1 Etoilewebdesign | 1 Order Tracking | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Order Tracking: from n/a through 3.3.12. | ||||
| CVE-2024-43355 | 1 Beardev | 1 Joomsport | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0. | ||||
| CVE-2024-43923 | 1 Arraytics | 1 Wp Timetics | 2024-11-13 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Timetics: from n/a through 1.0.23. | ||||
| CVE-2024-43925 | 1 Enviragallery | 1 Envira Gallery | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envira Photo Gallery: from n/a through 1.8.14. | ||||
| CVE-2024-43293 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg & Elementor | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. | ||||
| CVE-2024-43296 | 1 Bplugins | 1 Html5 Video Player | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flash & HTML5 Video: from n/a through 2.5.30. | ||||
| CVE-2024-43297 | 1 Backupbliss | 1 Clone | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5. | ||||
| CVE-2024-43298 | 1 Backupbliss | 1 Clone | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5. | ||||
| CVE-2024-43302 | 1 Fontsplugin | 1 Fonts | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fonts: from n/a through 3.7.7. | ||||