ReportizFlow
Filtered by vendor
Subscriptions
Total
529 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47653 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | 6.5 Medium |
| This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to unauthorized modification of requests belonging to the other users. | ||||
| CVE-2024-9519 | 2 Userplus, Wpuserplus | 2 User Registration And User Profile, Userplus | 2024-10-15 | 7.2 High |
| The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. | ||||
| CVE-2024-48941 | 1 Syracom | 1 Secure Login | 2024-10-12 | 9.1 Critical |
| The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. | ||||
| CVE-2024-46511 | 1 Loadzilla | 1 Loadlogic | 2024-10-04 | 7.5 High |
| LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function. | ||||
| CVE-2024-22303 | 1 Favethemes | 1 Houzez | 2024-09-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4. | ||||
| CVE-2024-8253 | 1 Pickplugins | 1 Post Grid | 2024-09-25 | 8.8 High |
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator. | ||||
| CVE-2024-21743 | 1 Favethemes | 1 Houzez | 2024-09-20 | 8.8 High |
| Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5. | ||||
| CVE-2024-39579 | 1 Dell | 1 Powerscale Onefs | 2024-09-03 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | ||||
| CVE-2024-6322 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2024-09-03 | 4.4 Medium |
| Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource. | ||||