Total
4639 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27608 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | |||||
| CVE-2023-27607 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0. | |||||
| CVE-2023-27462 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 3.1 LOW |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. | |||||
| CVE-2023-27460 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. | |||||
| CVE-2023-27437 | 2024-11-21 | N/A | 3.7 LOW | ||
| Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf. | |||||
| CVE-2023-27310 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 6.6 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts. | |||||
| CVE-2023-27309 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. | |||||
| CVE-2023-27264 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 7.1 HIGH |
| A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | |||||
| CVE-2023-27263 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | |||||
| CVE-2023-26562 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. | |||||
| CVE-2023-26523 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120. | |||||
| CVE-2023-26521 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104. | |||||
| CVE-2023-26510 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 5.7 MEDIUM |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | |||||
| CVE-2023-26301 | 1 Hp | 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. | |||||
| CVE-2023-26035 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A | 7.2 HIGH |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-25799 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | N/A | 8.3 HIGH |
| Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8. | |||||
| CVE-2023-25785 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | |||||
| CVE-2023-25715 | 1 Gamipress | 1 Gamipress | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | |||||
| CVE-2023-25573 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 8.6 HIGH |
| metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-25552 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | N/A | 8.1 HIGH |
| A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||