2024-10-29 | CVE-2024-7473 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2. An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary version 1.3.2. | 6.5 |
2024-10-29 | CVE-2024-7474 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary. In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
2024-10-28 | CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup. Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1. | 9.8 |
2024-10-28 | CVE-2024-10439 | Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms. The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. | 7.5 |
2024-10-26 | CVE-2024-9637 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. | 8.8 |
2024-10-18 | CVE-2024-10121 | Authorization Bypass Through User-Controlled Key vulnerability in Riskengine Radar. A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. | 9.8 |
2024-10-17 | CVE-2024-9215 | The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. | 8.8 |
2024-10-17 | CVE-2024-9862 | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. | 9.8 |
2024-10-16 | CVE-2023-7286 | The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. | 6.5 |
2024-10-15 | CVE-2024-49388 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16. Sensitive information manipulation due to improper authorization. | 9.1 |