10512 matches found

Prion
added 2023/06/15 7:15 p.m. | 18 views

Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...

CVSS 4 | AI score 4.9 | EPSS 0.00585
Exploits 0 | References 1 | Affected Software 2

Prion
added 2023/06/15 7:15 p.m. | 21 views

Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

CVSS 4 | AI score 4.5 | EPSS 0.00585
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2023/06/15 12:0 a.m. | 16 views

CVE-2023-29296 [Cloud] Customer suspects IDOR vulnerability

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another...

CVSS 4.3 | AI score 4.7 | EPSS 0.00585
Exploits 0 | References 1

Vulnrichment
added 2023/06/15 12:0 a.m. | 9 views

CVE-2023-29288 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

CVSS 4.3 | AI score 6.7 | EPSS 0.00585
Exploits 0 | References 1

RedHat Linux
added 2023/06/14 2:39 p.m. | 3 views

cri-o: incorrect handling of the supplementary groups

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVSS 7.1 | AI score 6.9 | EPSS 0.0036
Exploits 1 | References 5

CVE
added 2023/06/13 2:42 a.m. | 39 views

CVE-2023-32115

CVE-2023-32115 affects SAP MDS COMPARE TOOL, where an attacker can use specially crafted inputs to trigger a SQL injection in MDS COMPARE TOOL, allowing reading and modifying database commands and exposing additional persisted information. The issue is documented across multiple feeds (NVD, Red H...

CVSS 6.1 | AI score 5 | EPSS 0.00217
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2023/06/13 2:15 a.m. | 0 views

CVE-2023-2351

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

CVSS 6.5 | AI score 6.8 | EPSS 0.0064
Exploits 1 | References 7

OSV
added 2023/06/13 2:15 a.m. | 5 views

CVE-2023-2351

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

CVSS 4.3 | AI score 5.9 | EPSS 0.0064
Exploits 1 | References 6

Prion
added 2023/06/13 2:15 a.m. | 16 views

Design/Logic Flaw

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

CVSS 4 | AI score 4.4 | EPSS 0.0064
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2023/06/13 1:48 a.m. | 41 views

CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

CVSS 6.5 | AI score 6.2 | EPSS 0.0064
Exploits 1 | References 6

CVE
added 2023/06/13 1:48 a.m. | 37 views

CVE-2023-2351

The CVE-2023-2351 case concerns WP Directory Kit for WordPress. Vulnerable up to 1.2.3 due to missing authorization checks in wdk_admin_action, enabling authenticated users with subscriber-level privileges or higher to modify data, alter plugin settings, import demo data, delete Directory Kit con...

CVSS 6.5 | AI score 5.2 | EPSS 0.0064
Exploits 1 | References 6 | Affected Software 1

OSV
added 2023/06/12 3:15 a.m. | 5 views

CVE-2023-35036

In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

CVSS 9.1 | AI score 5.8 | EPSS 0.12808
Exploits 0 | References 2

NVD
added 2023/06/09 1:15 p.m. | 12 views

CVE-2023-2284

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

CVSS 4.3 | AI score 4.3 | EPSS 0.00386
Exploits 0 | References 2

Cvelist
added 2023/06/09 12:32 p.m. | 32 views

CVE-2023-2284 WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db

The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make...

CVSS 4.3 | AI score 4.6 | EPSS 0.00386
Exploits 0 | References 2

CVE
added 2023/06/09 12:32 p.m. | 66 views

CVE-2023-2284

CVE-2023-2284 (and related 2285) affects the WP Activity Log Premium plugin for WordPress. The issue is an unauthorized modification of data caused by a missing capability check in the ajax_switch_db function, affecting versions up to 4.5.0. Authenticated users with subscriber-level privileges or...

CVSS 4.3 | AI score 4.6 | EPSS 0.00386
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2023/06/09 6:16 a.m. | 1 views

CVE-2023-2557

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4.3 | AI score 6.8 | EPSS 0.00409
Exploits 0 | References 3

NVD
added 2023/06/09 6:16 a.m. | 9 views

CVE-2023-2556

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...

CVSS 4.3 | AI score 4.4 | EPSS 0.00434
Exploits 0 | References 2

NVD
added 2023/06/09 6:16 a.m. | 18 views

CVE-2023-2555

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4.3 | AI score 4.3 | EPSS 0.00434
Exploits 0 | References 2

ATTACKERKB
added 2023/06/09 6:16 a.m. | 4 views

CVE-2023-2414

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...

CVSS 5.4 | AI score 6.8 | EPSS 0.00484
Exploits 1 | References 5

NVD
added 2023/06/09 6:16 a.m. | 11 views

CVE-2023-2414

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...

CVSS 5.4 | AI score 5.1 | EPSS 0.00484
Exploits 1 | References 5