Total
6215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49196 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7. | ||||
| CVE-2023-48332 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in Tech Banker Mail Bank - #1 Mail SMTP Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - #1 Mail SMTP Plugin for WordPress: from n/a through 4.0.14. | ||||
| CVE-2023-48287 | 2024-12-09 | 5.4 Medium | ||
| Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.0. | ||||
| CVE-2023-48274 | 2024-12-09 | 6.5 Medium | ||
| Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through 2.3.5. | ||||
| CVE-2023-47871 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6. | ||||
| CVE-2023-47849 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in blossomthemes BlossomThemes Email Newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.4. | ||||
| CVE-2023-47780 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in EasyAzon EasyAzon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through 5.1.0. | ||||
| CVE-2023-47776 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in miniOrange miniorange otp verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through 4.2.1. | ||||
| CVE-2023-47756 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through 5.0.6. | ||||
| CVE-2023-32126 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1. | ||||
| CVE-2023-31073 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through 1.2.0. | ||||
| CVE-2023-25067 | 2024-12-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through 1.45. | ||||
| CVE-2022-1384 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.7 Medium |
| Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. | ||||
| CVE-2023-27263 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of. | ||||
| CVE-2023-27264 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 7.1 High |
| A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API. | ||||
| CVE-2023-1774 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 4.2 Medium |
| When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. | ||||
| CVE-2023-2193 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 6.5 Medium |
| Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token. | ||||
| CVE-2023-2783 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps. | ||||
| CVE-2023-2784 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.2 Medium |
| Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps. | ||||
| CVE-2023-2786 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands. | ||||