Total
514 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50485 | 1 Udit Rawat | 1 Exam Matrix | 2024-10-29 | 9.8 Critical |
| : Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5. | ||||
| CVE-2024-50550 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-29 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1. | ||||
| CVE-2024-49608 | 1 Gerryntabuhashe | 1 Gerryworks Post By Mail | 2024-10-24 | 8.8 High |
| : Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. | ||||
| CVE-2024-9863 | 1 Miniorange | 1 Otp Verification | 2024-10-18 | 9.8 Critical |
| The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. | ||||
| CVE-2024-49322 | 1 Codepassenger | 1 Job Board Manager For Wordpress | 2024-10-18 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0. | ||||
| CVE-2024-47653 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | 6.5 Medium |
| This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to unauthorized modification of requests belonging to the other users. | ||||
| CVE-2024-9519 | 2 Userplus, Wpuserplus | 2 User Registration And User Profile, Userplus | 2024-10-15 | 7.2 High |
| The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. | ||||
| CVE-2024-48941 | 1 Syracom | 1 Secure Login | 2024-10-11 | 9.1 Critical |
| The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. | ||||
| CVE-2024-46511 | 1 Loadzilla | 1 Loadlogic | 2024-10-04 | 7.5 High |
| LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function. | ||||
| CVE-2024-22303 | 1 Favethemes | 1 Houzez | 2024-09-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4. | ||||
| CVE-2024-8253 | 1 Pickplugins | 1 Post Grid | 2024-09-25 | 8.8 High |
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator. | ||||
| CVE-2024-21743 | 1 Favethemes | 1 Houzez | 2024-09-20 | 8.8 High |
| Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5. | ||||
| CVE-2024-39579 | 1 Dell | 1 Powerscale Onefs | 2024-09-03 | 6.7 Medium |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | ||||
| CVE-2024-6322 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2024-09-03 | 4.4 Medium |
| Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource. | ||||