Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6994 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0516 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 5.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata. | ||||
| CVE-2024-0766 | 1 Envothemes | 1 Envo\'s Elementor Templates \& Widgets For Woocommerce | 2025-01-08 | 4.3 Medium |
| The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates. | ||||
| CVE-2024-0385 | 1 Frenify | 1 Categorify | 2025-01-08 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories. | ||||
| CVE-2024-1095 | 2 Razib , Themeperch | 2 Build And Control Block Patterns, Build \& Control Block Pattern | 2025-01-08 | 5.3 Medium |
| The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings. | ||||
| CVE-2024-1178 | 1 Themeboy | 1 Sportspress | 2025-01-08 | 5.3 Medium |
| The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | ||||
| CVE-2024-24833 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | 4.3 Medium |
| Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | ||||
| CVE-2024-1285 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2025-01-08 | 6.5 Medium |
| The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts. | ||||
| CVE-2024-50417 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | 4.3 Medium |
| Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3. | ||||
| CVE-2023-33477 | 1 Harmonicinc | 2 Nsg 9000-6g, Nsg 9000-6g Firmware | 2025-01-08 | 6.5 Medium |
| In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. | ||||
| CVE-2023-30863 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 7.8 High |
| In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48448 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48447 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48446 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48392 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 7.8 High |
| In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48391 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2023-33968 | 1 Kanboard | 1 Kanboard | 2025-01-08 | 5.4 Medium |
| Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-33970 | 1 Kanboard | 1 Kanboard | 2025-01-08 | 5.4 Medium |
| Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-30915 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30914 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-30866 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||