Total: 454 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0580 | 1 Idmsistemas | 1 Sinergia | 2024-02-05 | N/A | 7.5 HIGH |
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc. | |||||
CVE-2023-36235 | 1 Webkul | 1 Qloapps | 2024-02-05 | N/A | 6.5 MEDIUM |
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | |||||
CVE-2023-33706 | 1 Sysaid | 1 Sysaid | 2024-02-05 | N/A | 6.5 MEDIUM |
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | |||||
CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-02-05 | N/A | 9.8 CRITICAL |
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | |||||
CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2024-02-05 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. | |||||
CVE-2023-6929 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | |||||
CVE-2023-6630 | 1 Rocklobster | 1 Contact Form 7 | 2024-02-05 | N/A | 4.3 MEDIUM |
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key. | |||||
CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2024-02-05 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. | |||||
CVE-2023-47316 | 1 H-mdm | 1 Headwind Mdm | 2024-02-05 | N/A | 5.4 MEDIUM |
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls. | |||||
CVE-2022-43450 | 1 Xwp | 1 Stream | 2024-02-05 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | |||||
CVE-2023-48783 | 1 Fortinet | 1 Fortiportal | 2024-02-05 | N/A | 5.4 MEDIUM |
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests. | |||||
CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-02-05 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | |||||
CVE-2023-48641 | 1 Archerirm | 1 Archer | 2024-02-05 | N/A | 8.8 HIGH |
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources. | |||||
CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-02-05 | N/A | 6.5 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | |||||
CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2024-02-05 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | |||||
CVE-2023-6341 | 1 Catalisgov | 1 Cms360 | 2024-02-05 | N/A | 5.3 MEDIUM |
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. | |||||
CVE-2023-51503 | 1 Automattic | 1 Woopayments | 2024-02-05 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | |||||
CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2024-02-05 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. | |||||
CVE-2023-51502 | | | 2024-02-05 | N/A | 9.8 CRITICAL |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | |||||
CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2024-02-05 | N/A | 7.5 HIGH |
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. |