Total: 1368 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47475 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2022-47472 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2022-47473 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2022-47471 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
CVE-2022-47461 | 2 Google, Unisoc | 27 Android, S8000, S8000 Firmware and 24 more | 2023-03-15 | N/A | 6.7 MEDIUM |
In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
CVE-2022-47480 | 2 Google, Unisoc | 27 Android, S8000, S8000 Firmware and 24 more | 2023-03-15 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
CVE-2022-47481 | 2 Google, Unisoc | 27 Android, S8000, S8000 Firmware and 24 more | 2023-03-15 | N/A | 5.5 MEDIUM |
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
CVE-2022-47462 | 2 Google, Unisoc | 27 Android, S8000, S8000 Firmware and 24 more | 2023-03-15 | N/A | 6.7 MEDIUM |
In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
CVE-2023-25573 | 1 Metersphere | 1 Metersphere | 2023-03-15 | N/A | 7.5 HIGH |
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-26957 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-15 | N/A | 9.1 CRITICAL |
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | |||||
CVE-2023-1339 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. | |||||
CVE-2023-1338 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules. | |||||
CVE-2023-1336 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching. | |||||
CVE-2023-1337 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files. | |||||
CVE-2023-1335 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site. | |||||
CVE-2023-1333 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. | |||||
CVE-2023-1334 | 1 Rapidload | 1 Power-up For Autoptimize | 2023-03-14 | N/A | 4.3 MEDIUM |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache. | |||||
CVE-2021-4331 | 1 Posimyth | 1 The Plus Addons For Elementor | 2023-03-14 | N/A | 8.8 HIGH |
The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users, so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors cannot publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post). | |||||
CVE-2022-4931 | 1 Xibodevelopment | 1 Backupwordpress | 2023-03-14 | N/A | 4.3 MEDIUM |
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve back-up paths that can subsequently be used to download the back-up. | |||||
CVE-2022-4932 | 1 Boldgrid | 1 Total Upkeep | 2023-03-14 | N/A | 4.3 MEDIUM |
The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve back-up paths that can subsequently be used to download the back-up. |