ReportizFlow
Filtered by vendor
Subscriptions
Total
710 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3287 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. | ||||
| CVE-2023-3286 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 7.7 High |
| A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. | ||||
| CVE-2023-3285 | 2024-11-21 | 7.7 High | ||
| A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation. | ||||
| CVE-2023-3219 | 1 Myeventon | 1 Eventon | 2024-11-21 | 5.3 Medium |
| The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post. | ||||
| CVE-2023-3066 | 1 Mobatime | 1 Amxgt 100 | 2024-11-21 | 8.1 High |
| Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. | ||||
| CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-11-21 | 9.8 Critical |
| Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | ||||
| CVE-2023-38884 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' | ||||
| CVE-2023-38872 | 1 Economizzer | 1 Economizzer | 2024-11-21 | 3.7 Low |
| An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | ||||
| CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2024-11-21 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | ||||
| CVE-2023-38055 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.6 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38054 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38053 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38052 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38051 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38050 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.1 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38049 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38048 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38047 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.5 High |
| A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2024-11-21 | 8.2 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | ||||
| CVE-2023-37543 | 1 Cacti | 1 Cacti | 2024-11-21 | 7.5 High |
| Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. | ||||