Total: 2928 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-52416 | | | 2024-11-18 | N/A | 10.0 CRITICAL | Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through 2.2.
CVE-2024-10728 | | | 2024-11-18 | N/A | 8.8 HIGH | The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
CVE-2024-52921 | | | 2024-11-18 | N/A | 5.3 MEDIUM | In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block.
CVE-2024-10786 | | | 2024-11-18 | N/A | 4.3 MEDIUM | The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches.
CVE-2024-11085 | | | 2024-11-18 | N/A | 5.4 MEDIUM | The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings.
CVE-2024-10614 | | | 2024-11-18 | N/A | 4.3 MEDIUM | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel an import or check on its status.
CVE-2024-48073 | | | 2024-11-18 | N/A | 9.8 CRITICAL | sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges.
CVE-2024-10531 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 4.3 MEDIUM | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants.
CVE-2024-10530 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 4.3 MEDIUM | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants.
CVE-2024-10529 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | N/A | 5.3 MEDIUM | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants.
CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-15 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-43088 | | | 2024-11-15 | N/A | 8.4 HIGH | In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-52549 | | | 2024-11-15 | N/A | 4.3 MEDIUM | Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system.
CVE-2024-43087 | | | 2024-11-15 | N/A | 8.4 HIGH | In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43090 | | | 2024-11-15 | N/A | 5.0 MEDIUM | In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.
CVE-2024-34719 | | | 2024-11-15 | N/A | 8.4 HIGH | In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-52554 | | | 2024-11-15 | N/A | 8.8 HIGH | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection.
CVE-2024-52382 | | | 2024-11-15 | N/A | 9.8 CRITICAL | Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through 1.0.0.
CVE-2024-52383 | | | 2024-11-15 | N/A | 7.5 HIGH | Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One: from n/a through 2.1.2.
CVE-2023-52713 | | | 2024-11-14 | N/A | 7.7 HIGH | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.