Export limit exceeded: 324797 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10333 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9988 | 1 Odude | 2 Crypto, Crypto Tool | 2024-11-07 | 9.8 Critical |
| The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | ||||
| CVE-2024-49675 | 1 Vitaliibryl | 1 Switch User | 2024-11-06 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1. | ||||
| CVE-2024-48932 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2024-11-06 | 5.3 Medium |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available. | ||||
| CVE-2024-10766 | 1 Codezips | 1 Free Exam Hall Seating Management System | 2024-11-06 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names. | ||||
| CVE-2024-10765 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.3 Medium |
| A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10764 | 1 Codezips | 1 Online Institute Management System | 2024-11-06 | 6.3 Medium |
| A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-47406 | 2 Sharp, Toshibatec | 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more | 2024-11-05 | 9.1 Critical |
| Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. | ||||
| CVE-2024-9235 | 1 Mapster | 1 Mapster Wp Maps | 2024-11-05 | 8.8 High |
| The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-10654 | 1 Totolink | 1 Lr350 | 2024-11-05 | 5.3 Medium |
| A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-10598 | 2 Tongda, Tongda2000 | 2 Oa 2017, Office Anywhere | 2024-11-04 | 5.3 Medium |
| A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7475 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-11-04 | 9.1 Critical |
| An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users. | ||||
| CVE-2024-10620 | 1 Knightliao | 1 Disconf | 2024-11-01 | 5.3 Medium |
| A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39772 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-01 | 3.7 Low |
| Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. | ||||
| CVE-2024-7424 | 2024-11-01 | 5.4 Medium | ||
| The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects. | ||||
| CVE-2024-50503 | 2024-11-01 | 9.8 Critical | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3. | ||||
| CVE-2024-10458 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2024-10-31 | 6.5 Medium |
| A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2024-50488 | 2 Priyabrata Sarkar, Priyabratasarkar | 2 Token Login, Token Login | 2024-10-31 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass.This issue affects Token Login: from n/a through 1.0.3. | ||||
| CVE-2024-50478 | 2 Swoop, Swoopnow | 2 1-click Login\, 1-click Login\ | 2024-10-31 | 9.8 Critical |
| Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | ||||
| CVE-2024-50477 | 2 Stacks, Stacksmarket | 2 Stacks Mobile App Builder, Stacks Mobile App Builder | 2024-10-31 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | ||||
| CVE-2024-50487 | 1 Maantheme | 1 Maanstore Api | 2024-10-31 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1. | ||||