Export limit exceeded: 342047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7280 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12110 | 2024-12-06 | 4.3 Medium | ||
| The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses. | ||||
| CVE-2024-11323 | 1 Autoquiz | 1 Ai Quiz | 2024-12-06 | 8.8 High |
| The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-12028 | 1 Alex Kirk | 1 Friends | 2024-12-06 | 5.3 Medium |
| The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend. | ||||
| CVE-2024-12155 | 1 Straightvisions | 1 Sv100 Companion | 2024-12-06 | 9.8 Critical |
| The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-41624 | 2024-12-05 | 6.3 Medium | ||
| Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact. | ||||
| CVE-2023-21173 | 1 Google | 1 Android | 2024-12-05 | 5.5 Medium |
| In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 | ||||
| CVE-2023-36348 | 1 Codekop | 1 Codekop | 2024-12-05 | 8.8 High |
| POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | ||||
| CVE-2023-20772 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2024-12-04 | 6.7 Medium |
| In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441796; Issue ID: ALPS07441796. | ||||
| CVE-2023-21185 | 1 Google | 1 Android | 2024-12-04 | 7.8 High |
| In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-266700762 | ||||
| CVE-2023-21177 | 1 Google | 1 Android | 2024-12-04 | 5.5 Medium |
| In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273906410 | ||||
| CVE-2024-10663 | 2024-12-04 | 4.3 Medium | ||
| The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. | ||||
| CVE-2024-11743 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-20773 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6735 and 31 more | 2024-12-04 | 7.8 High |
| In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735. | ||||
| CVE-2024-11673 | 1 1000projects | 1 Bookstore Management System | 2024-12-04 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-53605 | 1 Handcent | 1 Nextcms | 2024-12-04 | 7.5 High |
| Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. | ||||
| CVE-2024-11643 | 1 Allaccessible | 1 Accessibility | 2024-12-04 | 8.8 High |
| The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2023-33895 | 2 Google, Unisoc | 14 Android, S8004, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33894 | 2 Google, Unisoc | 14 Android, S8003, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33893 | 2 Google, Unisoc | 14 Android, S8002, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-33892 | 2 Google, Unisoc | 14 Android, S8001, Sc7731e and 11 more | 2024-12-04 | 5.5 Medium |
| In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||