• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-862

CVE-2022-44009

February 23, 2023 by godfreyd94

Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn’t check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive Information.

CVE-2022-4384

February 23, 2023 by godfreyd94

The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.

CVE-2022-4385

February 23, 2023 by godfreyd94

The Intuitive Custom Post Order WordPress plugin through 3.1.3 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order

CVE-2022-43427

February 23, 2023 by godfreyd94

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-43431

February 23, 2023 by godfreyd94

Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-43482

February 23, 2023 by godfreyd94

Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 144
  • Go to page 145
  • Go to page 146
  • Go to page 147
  • Go to page 148
  • Interim pages omitted …
  • Go to page 211
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE