Total
455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2024-02-05 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2024-02-05 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | |||||
| CVE-2023-38884 | 1 Os4ed | 1 Opensis | 2024-02-05 | N/A | 7.5 HIGH |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | |||||
| CVE-2023-47191 | 1 Kainelabs | 1 Youzify | 2024-02-05 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | |||||
| CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2024-02-05 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | |||||
| CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2024-02-05 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | |||||
| CVE-2023-7031 | 1 Avaya | 1 Aura Experience Portal | 2024-02-05 | N/A | 4.3 MEDIUM |
| Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | |||||
| CVE-2023-6223 | 1 Thimpress | 1 Learnpress | 2024-02-05 | N/A | 4.3 MEDIUM |
| The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress. | |||||
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2024-02-05 | N/A | 4.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-44249 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-05 | N/A | 6.5 MEDIUM |
| An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | |||||
| CVE-2023-3601 | 1 Webfactoryltd | 1 Simple Author Box | 2024-02-05 | N/A | 4.3 MEDIUM |
| The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. | |||||
| CVE-2023-28481 | 1 Tigergraph | 1 Tigergraph | 2024-02-05 | N/A | 8.8 HIGH |
| An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH authorized keys file. Any code running as the tigergraph user is able to add their SSH public key into the authorised keys file. This allows an attacker to obtain password-less SSH key access by using their own SSH key. | |||||
| CVE-2023-2958 | 1 Orjinyazilim | 1 Ats Pro | 2024-02-05 | N/A | 9.8 CRITICAL |
| Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714. | |||||
| CVE-2023-37543 | 1 Cacti | 1 Cacti | 2024-02-05 | N/A | 7.5 HIGH |
| Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | |||||
| CVE-2023-2190 | 1 Gitlab | 1 Gitlab | 2024-02-05 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public. | |||||
| CVE-2023-38257 | 1 Iagona | 1 Scrutisweb | 2024-02-05 | N/A | 7.5 HIGH |
| Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords. | |||||
| CVE-2023-2260 | 1 Alf | 1 Alf | 2024-02-04 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | |||||
| CVE-2023-1911 | 1 Creativethemes | 1 Blocksy Companion | 2024-02-04 | N/A | 4.3 MEDIUM |
| The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example | |||||
| CVE-2023-2883 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2024-02-04 | N/A | 8.8 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||||
| CVE-2021-33223 | 1 Seeddms | 1 Seeddms | 2024-02-04 | N/A | 8.8 HIGH |
| An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | |||||