Vulnerabilities > Authorization Bypass Through User-Controlled Key

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2024-11-15 | CVE-2024-50651 | Authorization Bypass Through User-Controlled Key vulnerability in Geeeeeeeek Java Shop 1.0 | java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. | geeeeeeeek | CWE-639 | network, low complexity, 6.5 |
| 2024-11-15 | CVE-2021-3991 | Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm | An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. | dolibarr | CWE-639 | network, low complexity, 4.3 |
| 2024-11-13 | CVE-2024-10794 | | The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. | | CWE-639 | network, low complexity, 4.3 |
| 2024-11-13 | CVE-2024-10778 | | The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | | CWE-639 | network, low complexity, 4.3 |
| 2024-11-12 | CVE-2023-47543 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal | An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests. | fortinet | CWE-639 | network, low complexity, 8.1 |
| 2024-11-12 | CVE-2024-10695 | Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra | The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | futuriowp | CWE-639 | network, low complexity, 4.3 |
| 2024-11-11 | CVE-2024-11073 | Authorization Bypass Through User-Controlled Key vulnerability in Mayurik Hospital Management System 1.0 | A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. | mayurik | CWE-639 | network, low complexity, 8.1 |
| 2024-11-09 | CVE-2024-10688 | | The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. | | CWE-639 | network, low complexity, 4.3 |
| 2024-11-09 | CVE-2024-10669 | | The Countdown Timer block – Display the event's date into a timer. | | CWE-639 | network, low complexity, 4.3 |
| 2024-11-09 | CVE-2024-10770 | Authorization Bypass Through User-Controlled Key vulnerability in Envothemes Envo Extra | The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | envothemes | CWE-639 | network, low complexity, 4.3 |