| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability. |
| Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce wpc-smart-linked-products allows Privilege Escalation.This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through <= 1.3.5. |
| Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6.7, 1.7.0-pr.251.885 through 1.7.8 and 1.8.0-dev.909 through 1.8.4, an authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor impersonation across all Fedify instances. This is fixed in versions 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9 and 1.8.5. |
| Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. |
| Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.
|
| SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. |
| An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. |
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data. |
| Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1. |
| A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable. |
| Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8. |
| Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2. |
| Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.
|
| Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3. |
| The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password. |
| Missing Authorization vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through <= 6.6.4.1. |
| The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. |
| The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings. |
| Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. |
| Missing Authorization vulnerability in radicaldesigns radSLIDE radslide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects radSLIDE: from n/a through <= 2.1. |
