Total
2081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11967 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-05-17 | 9.0 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. | |||||
| CVE-2024-27939 | 2024-05-14 | N/A | 9.8 CRITICAL | ||
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges. | |||||
| CVE-2024-33000 | 2024-05-14 | N/A | 3.5 LOW | ||
| SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the system. | |||||
| CVE-2024-4139 | 2024-05-14 | N/A | 4.3 MEDIUM | ||
| Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected. | |||||
| CVE-2024-4138 | 2024-05-14 | N/A | 4.3 MEDIUM | ||
| Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected. | |||||
| CVE-2024-32731 | 2024-05-14 | N/A | 5.5 MEDIUM | ||
| SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application. | |||||
| CVE-2024-32730 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application. | |||||
| CVE-2024-33938 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0. | |||||
| CVE-2024-32776 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | |||||
| CVE-2024-33956 | 2024-05-14 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. | |||||
| CVE-2024-32712 | 2024-05-14 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | |||||
| CVE-2024-32724 | 2024-05-14 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. | |||||
| CVE-2024-32719 | 2024-05-14 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Club Manager.This issue affects WP Club Manager: from n/a through 2.2.11. | |||||
| CVE-2024-33942 | 2024-05-14 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Eric Alli Google Typography.This issue affects Google Typography: from n/a through 1.1.2. | |||||
| CVE-2024-32717 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8. | |||||
| CVE-2024-4317 | 2024-05-14 | N/A | 3.1 LOW | ||
| Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. | |||||
| CVE-2024-33574 | 2024-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1. | |||||
| CVE-2024-33573 | 2024-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | |||||
| CVE-2024-30459 | 2024-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5. | |||||
| CVE-2024-31270 | 2024-05-08 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | |||||