Total
1567 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4819 | 1 Campcodes | 1 Online Laundry Management System | 2025-02-20 | 4.3 Medium |
| A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file admin_class.php. The manipulation of the argument type with the input 1 leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263940. | ||||
| CVE-2024-2574 | 1 Oretnom23 | 1 Employee Task Management System | 2025-02-20 | 7.3 High |
| A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability. | ||||
| CVE-2024-2575 | 1 Oretnom23 | 1 Employee Task Management System | 2025-02-20 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-2576 | 1 Oretnom23 | 1 Employee Task Management System | 2025-02-20 | 7.3 High |
| A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079. | ||||
| CVE-2024-2577 | 1 Oretnom23 | 1 Employee Task Management System | 2025-02-20 | 7.3 High |
| A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080. | ||||
| CVE-2023-28686 | 3 Debian, Dino, Fedoraproject | 3 Debian Linux, Dino, Fedora | 2025-02-19 | 5.3 Medium |
| Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. | ||||
| CVE-2023-24834 | 1 Wisdomgarden | 1 Tronclass Ilearn | 2025-02-19 | 6.5 Medium |
| WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL. | ||||
| CVE-2023-24842 | 1 Hgiga | 1 Oaklouds Mailsherlock | 2025-02-19 | 5.3 Medium |
| HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL. | ||||
| CVE-2024-13601 | 1 Majesticsupport | 1 Majestic Support | 2025-02-18 | 4.3 Medium |
| The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export ticket data for any user. | ||||
| CVE-2023-26984 | 1 Peppermint | 1 Peppermint | 2025-02-18 | 8.1 High |
| An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. | ||||
| CVE-2024-1470 | 1 Netiq | 1 Client Login Extension | 2025-02-14 | 7.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6. | ||||
| CVE-2023-0967 | 1 Imaworldhealth | 1 Bhima | 2025-02-13 | 6.5 Medium |
| Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform. | ||||
| CVE-2023-44249 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-02-13 | 4.1 Medium |
| An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | ||||
| CVE-2023-32352 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-02-13 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks. | ||||
| CVE-2023-3219 | 1 Myeventon | 1 Eventon | 2025-02-13 | 5.3 Medium |
| The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post. | ||||
| CVE-2023-2844 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2025-02-12 | 4.9 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | ||||
| CVE-2023-2713 | 1 Rental Module Project | 1 Rental Module | 2025-02-12 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. | ||||
| CVE-2024-43322 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-11 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100. | ||||
| CVE-2023-1417 | 1 Gitlab | 1 Gitlab | 2025-02-11 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group. | ||||
| CVE-2024-32683 | 1 Wpmet | 1 Wp Ultimate Review | 2025-02-09 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | ||||