Total
1018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27576 | 2024-11-21 | N/A | 6.7 MEDIUM | ||
| An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. | |||||
| CVE-2023-26428 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | N/A | 6.5 MEDIUM |
| Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known. | |||||
| CVE-2023-26237 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. | |||||
| CVE-2023-25160 | 1 Nextcloud | 1 Mail | 2024-11-21 | N/A | 4.1 MEDIUM |
| Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available. | |||||
| CVE-2023-24842 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2024-11-21 | N/A | 5.3 MEDIUM |
| HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL. | |||||
| CVE-2023-24834 | 1 Wisdomgarden | 1 Tronclass Ilearn | 2024-11-21 | N/A | 6.5 MEDIUM |
| WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL. | |||||
| CVE-2023-23679 | 1 Jshelpdesk | 1 Jshelpdesk | 2024-11-21 | N/A | 4.6 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7. | |||||
| CVE-2023-22471 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | 3.5 LOW |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | |||||
| CVE-2023-1889 | 1 Wpwax | 1 Directorist | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. | |||||
| CVE-2023-1750 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-11-21 | N/A | 7.1 HIGH |
| The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information. | |||||
| CVE-2023-1749 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute. | |||||
| CVE-2023-1463 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | |||||
| CVE-2023-1462 | 1 Vadi | 1 Digikent | 2024-11-21 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20. | |||||
| CVE-2023-0985 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | N/A | 8.8 HIGH |
| An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account. | |||||
| CVE-2023-0882 | 2 Krontech, Microsoft | 2 Single Connect, Windows | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. | |||||
| CVE-2023-0694 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission. | |||||
| CVE-2023-0693 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment. | |||||
| CVE-2023-0692 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions. | |||||
| CVE-2023-0691 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name. | |||||
| CVE-2023-0688 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID. | |||||