Total
3177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27264 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 7.1 HIGH |
| A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | |||||
| CVE-2023-27263 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | |||||
| CVE-2023-26957 | 1 Onekeyadmin | 1 Onekeyadmin | 2024-11-21 | N/A | 9.1 CRITICAL |
| onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | |||||
| CVE-2023-26562 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. | |||||
| CVE-2023-26523 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse.This issue affects Calculated Fields Form: from n/a through 1.1.120. | |||||
| CVE-2023-26521 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104. | |||||
| CVE-2023-26510 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 5.7 MEDIUM |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | |||||
| CVE-2023-26301 | 1 Hp | 38 Color Laserjet Pro 4201-4203 4ra87f, Color Laserjet Pro 4201-4203 4ra87f Firmware, Color Laserjet Pro 4201-4203 4ra88f and 35 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. | |||||
| CVE-2023-26269 | 1 Apache | 1 James | 2024-11-21 | N/A | 7.8 HIGH |
| Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. | |||||
| CVE-2023-26035 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | N/A | 7.2 HIGH |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-25799 | 1 Themeum | 1 Tutor Lms | 2024-11-21 | N/A | 8.3 HIGH |
| Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8. | |||||
| CVE-2023-25785 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | |||||
| CVE-2023-25768 | 1 Jenkins | 1 Azure Credentials | 2024-11-21 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | |||||
| CVE-2023-25766 | 1 Jenkins | 1 Azure Credentials | 2024-11-21 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-25715 | 1 Gamipress | 1 Gamipress | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | |||||
| CVE-2023-25573 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 8.6 HIGH |
| metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-25552 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | N/A | 8.1 HIGH |
| A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25457 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1. | |||||
| CVE-2023-25039 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CodePeople Google Maps CP.This issue affects Google Maps CP: from n/a through 1.0.43. | |||||
| CVE-2023-25030 | 1 Buymeacoffee | 1 Buy Me A Coffee | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. | |||||