Total
3177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30466 | 1 Onthegosystems | 1 Woocommerce Multilingual \& Multicurrency | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | |||||
| CVE-2024-30465 | 1 Pagelayer | 1 Pagelayer | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1. | |||||
| CVE-2024-30464 | 1 Wpzoom | 1 Social Icons Widget | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15. | |||||
| CVE-2024-30463 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3. | |||||
| CVE-2024-30459 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5. | |||||
| CVE-2024-30235 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | |||||
| CVE-2024-30234 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | |||||
| CVE-2024-30217 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted. | |||||
| CVE-2024-30216 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted. | |||||
| CVE-2024-2906 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | |||||
| CVE-2024-2882 | 2024-11-21 | N/A | N/A | ||
| SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. | |||||
| CVE-2024-2702 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | |||||
| CVE-2024-2544 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | N/A | 7.4 HIGH |
| The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks. | |||||
| CVE-2024-2216 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. | |||||
| CVE-2024-2017 | 1 Edmonsoft | 1 Countdown Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns. | |||||
| CVE-2024-29241 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors. | |||||
| CVE-2024-29240 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | |||||
| CVE-2024-29229 | 2024-11-21 | N/A | 7.7 HIGH | ||
| Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-29228 | 2024-11-21 | N/A | 7.7 HIGH | ||
| Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2024-28230 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | |||||