Total: 319 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-2535 | 1 Searchwp | 1 Searchwp Live Ajax Search | 2022-08-16 | N/A | 5.3 MEDIUM | The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query that discloses private/draft/pending post titles along with their permalinks. |
CVE-2021-41120 | 1 Sylius | 1 Paypal | 2022-08-12 | 5.0 MEDIUM | 7.5 HIGH | sylius/paypal-plugin is a PayPal plugin for the Sylius development platform. In affected versions the URL of the payment page shown after checkout was built from an autoincremented payment id (/pay-with-paypal/{id}) and was therefore easy to predict. The credit card form prefills the "credit card holder" field with the customer's first and last name, which can lead to exposure of personally identifiable information. Additionally, the form did not require authentication. The problem has been patched in Sylius/PayPalPlugin 1.2.4 and 1.3.1. Users who are unable to update can override the sylius_paypal_plugin_pay_with_paypal_form route and change its URL parameters to (for example) {orderToken}/{paymentId}, then override the Sylius\PayPalPlugin\Controller\PayWithPayPalFormAction service so that it operates on the payment fetched from the repository by these two values; this also requires a custom repository method. Additionally, one could override the @SyliusPayPalPlugin/payWithPaypal.html.twig template to add a contingencies: ['SCA_ALWAYS'] line to the hostedFields.submit(...) function call (line 421), which would then have to be handled in the function callback. |
CVE-2022-2730 | 1 Open-emr | 1 Openemr | 2022-08-12 | N/A | 6.5 MEDIUM | Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. |
CVE-2022-2367 | 1 Wsm Downloader Project | 1 Wsm Downloader | 2022-08-11 | N/A | 7.5 HIGH | The WSM Downloader WordPress plugin through 1.4.0 allows images/files to be downloaded only from specific popular websites, but this restriction can be bypassed due to insufficient validation of the "link" parameter. |
CVE-2022-2499 | 1 Gitlab | 1 Gitlab | 2022-08-11 | N/A | 4.3 MEDIUM | An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, and all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. |
CVE-2022-36284 | 1 Storeapps | 1 Affiliate For Woocommerce | 2022-08-10 | N/A | 6.5 MEDIUM | Authenticated IDOR vulnerability in the StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 for WordPress allows an attacker to change the PayPal email. The WooCommerce PayPal Payments plugin (free) must be installed for the extra input field to appear on the user profile page. |
CVE-2021-43828 | 1 Patrowl | 1 Patrowlmanager | 2022-08-09 | 5.0 MEDIUM | 7.5 HIGH | PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77, an improper privilege management (IDOR) issue was found in PatrowlManager. Every findings import file is placed under /media/imports/<owner_id>/<tmp_file>, where owner_id is predictable and tmp_file has the format import_<owner_id>_<time_created>, for example import_1_1639213059582.json. This filename is predictable and allows anyone, without logging in, to download all findings import files. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds. |
CVE-2021-3992 | 1 Kimai2 Project | 1 Kimai2 | 2022-08-05 | 4.0 MEDIUM | 6.5 MEDIUM | kimai2 is vulnerable to Improper Access Control. |
CVE-2022-1600 | 1 Yop-poll | 1 Yop Poll | 2022-08-04 | N/A | 5.3 MEDIUM | The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based voting limitations in certain situations. |
CVE-2022-33944 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | N/A | 6.5 MEDIUM | The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on an endpoint and POST parameter "Device ID", which accepts arbitrary device IDs. |
CVE-2022-34150 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | N/A | 5.4 MEDIUM | The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on an endpoint and parameter for device IDs, which accept arbitrary device IDs without further verification. |
CVE-2022-1881 | 1 Octopus | 1 Octopus Server | 2022-07-27 | N/A | 5.3 MEDIUM | In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permission to access. This vulnerability only impacts projects within the same Space. |
CVE-2022-2193 | 1 Hypr | 1 Hypr Server | 2022-07-27 | N/A | 8.8 HIGH | Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects HYPR Server versions prior to 6.14.1. |
CVE-2021-24655 | 1 Wpusermanager | 1 Wp User Manager | 2022-07-18 | 6.0 MEDIUM | 7.5 HIGH | The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID whose password is being reset is related to the given reset key. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account. |
CVE-2022-30852 | 1 Withknown | 1 Known | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM | Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). |
CVE-2022-23173 | 1 Priority-software | 1 Priority | 2022-07-14 | 6.5 MEDIUM | 6.3 MEDIUM | This vulnerability affects users who are not even allowed to access the web interface. First, the attacker needs to access the "Login menu - demo site", where all the functionality of the application is listed. If the attacker tries to click one of the links, the response states that they are not authorized because they need to log in with credentials. After logging in, some functionality is still not allowed for the specific user because the account was configured with low privileges; however, all the attacker needs to do to achieve their goal is change the value of the prog step parameter from 0 to 1 or more, after which the attacker can access some web application functionality that could not be performed before the parameter was changed. |
CVE-2022-31883 | 1 Marvalglobal | 1 Marval Msm | 2022-07-14 | 4.0 MEDIUM | 8.8 HIGH | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user is able to see other users' API keys, including the Admins' API keys. |
CVE-2020-36126 | 1 Paxtechnology | 1 Paxstore | 2022-07-12 | 5.5 MEDIUM | 8.1 HIGH | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, applications and payment terminals, so an attacker can impersonate any user, which may lead to the unauthorized disclosure, modification, or destruction of information. |
CVE-2021-37331 | 1 Bookingcore | 1 Booking Core | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM | Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, the ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL. |
CVE-2021-41608 | 1 Classapps | 1 Selectsurvey.net | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey data submitted by users by modifying the value of the ID parameter in sequential order beginning from 1. |