CWE:
 

Title
Date
Author
Med.
SAP Solution Manager 7.2 Missing Authorization
15.06.2021
Pablo Artuso
Med.
URVE Software Build 24.03.2020 Missing Authorization
30.12.2020
Erik Steltzner
Low
1CRM 8.6.7 Insecure Direct Object Reference
17.09.2020
Andreas Sperber
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Lenovo ShareIT Information Disclosure / Hardcoded Password
26.01.2016
CoreLabs
High
SAP Afaria 7 Missing Authorization Check
19.06.2015
Vahagn Vardanyan


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-10-23
Waiting for details
CVE-2024-43924

Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.

 
Waiting for details
CVE-2024-9583

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send premium support requests with an attacker-controlled subject line and email address to support allowing them to impersonate the site owner. License information may also be leaked.

 
Waiting for details
CVE-2024-9829

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed.

 
2024-10-22
Waiting for details
CVE-2024-10003

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.

 
2024-10-21
Waiting for details
CVE-2024-49321

Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through 2.5.7.

 
Waiting for details
CVE-2024-49293

Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: from n/a through 8.5.4.

 
Waiting for details
CVE-2024-49367

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue.

 
2024-10-20
Waiting for details
CVE-2024-49325

Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.

 
2024-10-18
Waiting for details
CVE-2024-10078

The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.

 
Waiting for details
CVE-2024-9364

The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's log files.

 

 


Copyright 2024, cxsecurity.com

 
