2024-10-28 | CVE-2024-10439 | Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms. The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. | 7.5 |
2024-10-26 | CVE-2024-9637 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. | 8.8 |
2024-10-18 | CVE-2024-10121 | Authorization Bypass Through User-Controlled Key vulnerability in Riskengine Radar. A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. | 9.8 |
2024-10-17 | CVE-2024-9215 | The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. | 8.8 |
2024-10-17 | CVE-2024-9862 | Authorization Bypass Through User-Controlled Key vulnerability in Miniorange OTP Verification With Firebase. The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. | 9.8 |
2024-10-16 | CVE-2023-7286 | The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. | 6.5 |
2024-10-15 | CVE-2024-49388 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16. Sensitive information manipulation due to improper authorization. | 9.1 |
2024-10-15 | CVE-2024-9687 | Authorization Bypass Through User-Controlled Key vulnerability in Dueclic WP 2FA With Telegram. The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. | 8.8 |
2024-10-04 | CVE-2024-47657 | Authorization Bypass Through User-Controlled Key vulnerability in Shilpisoft NET Back Office. This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. | 6.5 |
2024-10-02 | CVE-2024-20513 | Authorization Bypass Through User-Controlled Key vulnerability in Cisco products. A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. | 5.3 |