Total: 4406 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0593 | 1 Presstigers | 1 Simple Job Board | 2025-01-31 | 5.3 Medium |
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. | ||||
CVE-2024-13312 | | | 2025-01-31 | 5.3 Medium |
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. | ||||
CVE-2023-22728 | 1 Silverstripe | 1 Framework | 2025-01-31 | 4.3 Medium |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | ||||
CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.7 Low |
In JetBrains YouTrack before 2024.3.51866, improper access control allowed listing of project names during app import without authentication. | ||||
CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.1 Low |
In JetBrains YouTrack before 2024.3.51866, unauthenticated database backup download was possible via a vulnerable query parameter. | ||||
CVE-2022-45351 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 5.4 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2022-45352 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 5.4 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2022-45356 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 5.4 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2023-39998 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 8.2 High |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 27.1.1. | ||||
CVE-2022-45349 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 4.3 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2024-1380 | 1 Relevanssi | 1 Relevanssi | 2025-01-31 | 5.3 Medium |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is. | ||||
CVE-2024-1991 | 1 Metagauss | 1 Registrationmagic | 2025-01-31 | 8.8 High |
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. | ||||
CVE-2025-24461 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | 6.5 Medium |
In JetBrains TeamCity before 2024.12.1, decryption of connection secrets without proper permissions was possible via the Test Connection endpoint. | ||||
CVE-2024-13715 | 1 Ikjweb | 1 Zstore Manager Basic | 2025-01-30 | 4.3 Medium |
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache. | ||||
CVE-2024-38190 | 1 Microsoft | 1 Power Platform | 2025-01-29 | 8.6 High |
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | ||||
CVE-2024-38179 | 1 Microsoft | 1 Azure Stack Hci | 2025-01-29 | 8.8 High |
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | ||||
CVE-2022-0543 | 3 Canonical, Debian, Redis | 3 Ubuntu Linux, Debian Linux, Redis | 2025-01-29 | 10 Critical |
It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | ||||
CVE-2024-37204 | 1 Wp-property-hive | 1 Propertyhive | 2025-01-29 | 4.3 Medium |
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through 2.0.9. | ||||
CVE-2023-27963 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-01-29 | 7.5 High |
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. | ||||
CVE-2024-9161 | 1 Rankmath | 1 Seo | 2025-01-29 | 6.5 Medium |
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators. |