Total
3177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35164 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 6.3 MEDIUM |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-35149 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. | |||||
| CVE-2023-35093 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-11-21 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more. | |||||
| CVE-2023-35050 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0. | |||||
| CVE-2023-35049 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. | |||||
| CVE-2023-35045 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through 2.6.7. | |||||
| CVE-2023-35040 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6. | |||||
| CVE-2023-34463 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 8.1 HIGH |
| DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions Unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-34379 | 1 Magneticone | 1 Magento To Woocommerce Migration | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||||
| CVE-2023-34186 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Imran Sayed Headless CMS.This issue affects Headless CMS: from n/a through 2.0.3. | |||||
| CVE-2023-34165 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
| Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | |||||
| CVE-2023-34063 | 1 Vmware | 2 Aria Automation, Cloud Foundation | 2024-11-21 | N/A | 9.9 CRITICAL |
| Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | |||||
| CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | |||||
| CVE-2023-33992 | 1 Sap | 2 Business Warehouse, Bw\/4hana | 2024-11-21 | N/A | 4.5 MEDIUM |
| The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level. | |||||
| CVE-2023-33983 | 1 Briarproject | 1 Briar | 2024-11-21 | N/A | 7.4 HIGH |
| The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | |||||
| CVE-2023-33970 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM |
| Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33968 | 1 Kanboard | 1 Kanboard | 2024-11-21 | N/A | 5.4 MEDIUM |
| Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-33948 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | |||||
| CVE-2023-33923 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. | |||||
| CVE-2023-33922 | 1 Elementor | 1 Website Builder | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | |||||