Vulnerabilities (CVE)

Filtered by CWE-284
Total 4451 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-20036 2 Google, Mediatek 11 Android, Mt6835, Mt6855 and 8 more 2026-06-17 N/A 4.4 MEDIUM
In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508.
CVE-2024-1942 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.
CVE-2024-1898 1 Devolutions 1 Devolutions Server 2026-06-17 N/A 4.3 MEDIUM
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.
CVE-2024-1888 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server
CVE-2024-1887 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. 
CVE-2024-1823 1 Codeastro 1 Simple Voting System 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.
CVE-2024-1701 1 Keerti1924 1 Php Mysql User Signup Login System 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1678 2026-06-17 N/A 5.3 MEDIUM
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content.
CVE-2024-1675 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 8.8 HIGH
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-1668 1 Theme-fusion 1 Avada 2026-06-17 N/A 6.5 MEDIUM
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).
CVE-2024-1632 1 Progress 1 Sitefinity 2026-06-17 N/A 8.8 HIGH
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
CVE-2024-1584 1 Analytify 1 Analytify - Google Analytics Dashboard 2026-06-17 N/A 5.3 MEDIUM
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID.
CVE-2024-1492 1 Wpify 1 Woo Czech 2026-06-17 N/A 5.3 MEDIUM
The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.
CVE-2024-1478 1 Helderk 1 Maintenance Mode 2026-06-17 N/A 5.3 MEDIUM
The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.
CVE-2024-1476 1 Acurax 1 Under Construction \/ Maintenance Mode 2026-06-17 N/A 5.3 MEDIUM
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin.
CVE-2024-1475 1 Awplife 1 Coming Soon Maintenance Mode 2026-06-17 N/A 5.3 MEDIUM
The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin.
CVE-2024-1473 1 Colorlib 1 Coming Soon \& Maintenance Mode 2026-06-17 N/A 5.3 MEDIUM
The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.
CVE-2024-1472 1 Restezconnectes 1 Wp Maintenance 2026-06-17 N/A 5.3 MEDIUM
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API.
CVE-2024-1462 1 Themegrill 1 Maintenance Page 2026-06-17 N/A 5.3 MEDIUM
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.
CVE-2024-1439 1 Moodle 1 Moodle 2026-06-17 N/A 6.5 MEDIUM
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.