| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36. |
| Windows Boot Manager Security Feature Bypass Vulnerability |
| Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. |
| Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2. |
| Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Shopify Product: from n/a through 1.0.2. |
| Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.
|
| Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey & Form Builder – MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey & Form Builder – MightyForms: from n/a through 1.3.9. |
| Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0. |
| Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119. |
| Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0. |
| Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7. |
| Missing Authorization vulnerability in David de Boer Paytium.This issue affects Paytium: from n/a through 4.4.10. |
| Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4. |
| A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. |
| The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service. |
| The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings. |
| The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file on the /1/api/ulisting-user/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database. |
| The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database. |
