Vulnerabilities > Authorization Bypass Through User-Controlled Key

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-11 | CVE-2024-11073 | Authorization Bypass Through User-Controlled Key vulnerability in Mayurik Hospital Management System 1.0: A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. | network, low complexity, mayurik, CWE-639, 8.1 |
| 2024-11-09 | CVE-2024-10688 | The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. | network, low complexity, CWE-639, 4.3 |
| 2024-11-09 | CVE-2024-10669 | The Countdown Timer block – Display the event's date into a timer. | network, low complexity, CWE-639, 4.3 |
| 2024-11-09 | CVE-2024-10770 | Authorization Bypass Through User-Controlled Key vulnerability in Envothemes Envo Extra: The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | network, low complexity, envothemes, CWE-639, 4.3 |
| 2024-11-09 | CVE-2024-10693 | Authorization Bypass Through User-Controlled Key vulnerability in Sktthemes SKT Addons for Elementor: The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. | network, low complexity, sktthemes, CWE-639, 4.3 |
| 2024-11-09 | CVE-2024-9262 | The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. | network, low complexity, CWE-639, 6.5 |
| 2024-11-01 | CVE-2024-10654 | Authorization Bypass Through User-Controlled Key vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309: A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. | network, low complexity, totolink, CWE-639, critical, 9.1 |
| 2024-10-29 | CVE-2024-10452 | Authorization Bypass Through User-Controlled Key vulnerability in Grafana 10.4.0: Organization admins can delete pending invites created in an organization they are not part of. | network, low complexity, grafana, CWE-639, 2.7 |
| 2024-10-29 | CVE-2024-7473 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2: An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. | network, low complexity, lunary, CWE-639, 6.5 |
| 2024-10-28 | CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup: Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1. | network, low complexity, tareqhasan, CWE-639, critical, 9.8 |