Skip to main content
CVE-2023-28165 MEDIUM This Month

Missing Authorization vulnerability in Varun Sharma Backup Bank: WordPress Backup Plugin wp-backup-bank allows Exploiting Incorrectly Configured Access Control Security Levels.0.28. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-27625 MEDIUM This Month

Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-25026 MEDIUM This Month

Missing Authorization vulnerability in Otávio Augusto PayPal Brasil para WooCommerce paypal-brasil-para-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23823 MEDIUM This Month

Missing Authorization vulnerability in cl272 Enhanced Text Widget enhanced-text-widget allows Exploiting Incorrectly Configured Access Control Security Levels.5.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47871 MEDIUM This Month

Missing Authorization vulnerability in itpathsolutions Contact Form to Any API contact-form-to-any-api allows Exploiting Incorrectly Configured Access Control Security Levels.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32126 MEDIUM This Month

Missing Authorization vulnerability in wpoperations SALERT salert allows Exploiting Incorrectly Configured Access Control Security Levels.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-38485 MEDIUM This Month

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Dell Elastic Cloud Storage
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-12307 MEDIUM This Month

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12306 MEDIUM This Month

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-12305 MEDIUM This Month

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-55578 MEDIUM This Month

Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-55565 MEDIUM PATCH This Month

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-12369 MEDIUM PATCH This Month

A vulnerability was found in OIDC-Client. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2023-23814 LOW Monitor

Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.4.13. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2023-28168 LOW Monitor

Missing Authorization vulnerability in sant0sk1 WordPress Console wordpress-console allows Exploiting Incorrectly Configured Access Control Security Levels.3.9. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2023-24375 LOW Monitor

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows Exploiting Incorrectly Configured Access Control Security Levels.5.14. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2023-23825 LOW Monitor

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.3.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2024-12174 LOW Monitor

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2024-53947 LOW PATCH Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL Superset
NVD
CVSS 4.0
2.3
EPSS
0.8%
CVE-2024-12057 LOW Monitor

User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. Rated low severity (CVSS 1.8). No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
1.8
EPSS
0.1%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy