Search Results (Refine Search)
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-51524 |
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18. Published: June 12, 2024; 6:15:28 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-51413 |
Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29. Published: June 12, 2024; 6:15:28 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48280 |
Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1. Published: June 12, 2024; 6:15:28 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-47845 |
Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4. Published: June 12, 2024; 6:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-47828 |
Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. Published: June 12, 2024; 6:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-44234 |
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08. Published: June 12, 2024; 6:15:27 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-41240 |
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce.This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. Published: June 12, 2024; 6:15:26 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-40672 |
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1. Published: June 12, 2024; 6:15:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-40603 |
Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through 2.3.4. Published: June 12, 2024; 6:15:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-40209 |
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0. Published: June 12, 2024; 6:15:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-38395 |
Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1. Published: June 12, 2024; 6:15:24 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-25030 |
Missing Authorization vulnerability in Buy Me a Coffee.This issue affects Buy Me a Coffee: from n/a through 3.7. Published: June 12, 2024; 6:15:23 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5742 |
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. Published: June 12, 2024; 5:15:23 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5468 |
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site. Published: June 12, 2024; 5:15:21 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5266 |
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: June 12, 2024; 5:15:21 AM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-5203 |
A Cross-site request forgery (CSRF) flaw was found in Keycloak and occurs due to the lack of a unique token sent during the authentication POST request, /login-actions/authenticate. This flaw allows an attacker to craft a malicious login page and trick a legitimate user of an application into authenticating with an attacker-controlled account instead of their own. Published: June 12, 2024; 5:15:20 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-5154 |
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. Published: June 12, 2024; 5:15:19 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3183 |
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). Published: June 12, 2024; 5:15:18 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-52177 |
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. Published: June 12, 2024; 5:15:16 AM -0400 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2023-52117 |
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6. Published: June 12, 2024; 5:15:15 AM -0400 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0:(not available) |