Search
Search Results (9808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4226 | 1 Drupal | 1 Authenticated User Page Caching | 2024-08-06 | 6.5 Medium |
| The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | ||||
| CVE-2013-4182 | 2 Redhat, Theforeman | 4 Openstack, Satellite, Satellite Capsule and 1 more | 2024-08-06 | N/A |
| app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | ||||
| CVE-2013-4228 | 1 Organic Groups Project | 1 Organic Groups | 2024-08-06 | 4.3 Medium |
| The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | ||||
| CVE-2013-3960 | 1 Easytimestudio | 1 Easy File Manager | 2024-08-06 | 9.9 Critical |
| Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass | ||||
| CVE-2024-7135 | 2024-08-01 | 6.5 Medium | ||
| The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-2508 | 1 Freshlight | 1 Wp Mobile Menu | 2024-07-31 | 5.3 Medium |
| The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability. | ||||
| CVE-2019-9619 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | ||||
| CVE-2019-9374 | 2023-11-07 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | ||||