Total
7288 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34165 | 1 Huawei | 1 Harmonyos | 2024-12-17 | 5.3 Medium |
| Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions. | ||||
| CVE-2024-23704 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-48491 | 1 Huawei | 1 Emui | 2024-12-17 | 5.3 Medium |
| Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time. | ||||
| CVE-2024-8434 | 1 Themehunk | 1 Mega Menu | 2024-12-17 | 4.3 Medium |
| The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings. | ||||
| CVE-2024-0038 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-41866 | 2024-12-16 | 4.3 Medium | ||
| Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3. | ||||
| CVE-2023-41869 | 2024-12-16 | 4.3 Medium | ||
| Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4. | ||||
| CVE-2023-41951 | 2024-12-16 | 4.3 Medium | ||
| Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14. | ||||
| CVE-2024-28230 | 1 Jetbrains | 1 Youtrack | 2024-12-16 | 6.5 Medium |
| In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions | ||||
| CVE-2023-40105 | 1 Google | 1 Android | 2024-12-13 | 5.5 Medium |
| In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-46807 | 2024-12-13 | 4.3 Medium | ||
| Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2. | ||||
| CVE-2022-46811 | 2024-12-13 | 4.3 Medium | ||
| Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21. | ||||
| CVE-2022-47429 | 2024-12-13 | 5.3 Medium | ||
| Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin: from n/a through 2.2.0. | ||||
| CVE-2022-47182 | 2024-12-13 | 5.3 Medium | ||
| Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1. | ||||
| CVE-2023-36506 | 2024-12-13 | 5.3 Medium | ||
| Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0. | ||||
| CVE-2023-36509 | 2024-12-13 | 5.4 Medium | ||
| Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5. | ||||
| CVE-2023-36510 | 2024-12-13 | 7.3 High | ||
| Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211. | ||||
| CVE-2022-47168 | 2024-12-13 | 4.3 Medium | ||
| Missing Authorization vulnerability in Printful Printful Integration for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through 2.2.3. | ||||
| CVE-2023-40113 | 1 Google | 1 Android | 2024-12-13 | 5.5 Medium |
| In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-34381 | 2024-12-13 | 5.3 Medium | ||
| Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zippy: from n/a through 1.6.2. | ||||