Total
1059 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4711 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-14 | N/A | 4.3 MEDIUM |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. | |||||
CVE-2023-22473 | 1 Nextcloud | 1 Talk | 2023-01-13 | N/A | 2.1 LOW |
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. | |||||
CVE-2023-0017 | 1 Sap | 1 Netweaver Application Server For Java | 2023-01-13 | N/A | 9.8 CRITICAL |
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | |||||
CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2023-01-13 | N/A | 6.7 MEDIUM |
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | |||||
CVE-2022-4705 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 4.3 MEDIUM |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | |||||
CVE-2022-4708 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 6.5 MEDIUM |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed. | |||||
CVE-2022-4700 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 8.8 HIGH |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme. | |||||
CVE-2022-4709 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 6.5 MEDIUM |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library. | |||||
CVE-2022-4703 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 8.1 HIGH |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data. | |||||
CVE-2022-4702 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 6.5 MEDIUM |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues. | |||||
CVE-2022-4704 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2023-01-12 | N/A | 8.1 HIGH |
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings. | |||||
CVE-2022-3923 | 1 Activecampaign | 1 Activecampaign For Woocommerce | 2023-01-12 | N/A | 4.3 MEDIUM |
The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. | |||||
CVE-2014-125054 | 1 Reddit-on-rails Project | 1 Reddit-on-rails | 2023-01-12 | N/A | 4.3 MEDIUM |
A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability. | |||||
CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2023-01-10 | N/A | 8.1 HIGH |
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | |||||
CVE-2022-4229 | 1 Book Store Management System Project | 1 Book Store Management System | 2023-01-09 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. | |||||
CVE-2022-4814 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4807 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4809 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4810 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4724 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 9.8 CRITICAL |
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. |