| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. |
| The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed. |
| Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. |
| The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features. |
| ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7. |
| Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.
|
| Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. |
| Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1. |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
| WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. |
| Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0. |
| The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options. |
| A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects:
- AOS-CX 10.14.xxxx : All patches
- AOS-CX 10.15.xxxx : 10.15.1000 and below
The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability. |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
