Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6128 | 1 Spa-cart | 1 Spa-cartcms | 2024-09-20 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268895. | |||||
| CVE-2024-6299 | 1 Conduit | 1 Conduit | 2024-09-20 | N/A | 3.7 LOW |
| Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date | |||||
| CVE-2024-31197 | 1 Opennetworking | 1 Libfluid Msg | 2024-09-20 | N/A | 7.5 HIGH |
| Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This issue affects libfluid: 0.1.0. | |||||
| CVE-2024-6302 | 1 Conduit | 1 Conduit | 2024-09-20 | N/A | 5.5 MEDIUM |
| Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events. | |||||
| CVE-2024-35154 | 1 Ibm | 1 Websphere Application Server | 2024-09-20 | N/A | 7.2 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. | |||||
| CVE-2023-46387 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-09-20 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration. | |||||
| CVE-2023-46389 | 1 Loytec | 4 Linx-151, Linx-151 Firmware, Linx-212 and 1 more | 2024-09-20 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. This vulnerability allows remote attackers to disclose sensitive information on LINX configuration. | |||||
| CVE-2024-45323 | 1 Fortinet | 1 Fortiedrmanager | 2024-09-20 | N/A | 2.7 LOW |
| An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations. | |||||
| CVE-2024-24693 | 1 Zoom | 1 Rooms | 2024-09-20 | N/A | 5.5 MEDIUM |
| Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2023-43588 | 1 Zoom | 3 Meetings, Virtual Desktop Infrastructure, Zoom | 2024-09-20 | N/A | 6.5 MEDIUM |
| Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | |||||
| CVE-2023-22618 | 1 Nokia | 12 Wavelite Metro 200 And F2b Fans, Wavelite Metro 200 And F2b Fans Firmware, Wavelite Metro 200 And Fan and 9 more | 2024-09-20 | N/A | 7.8 HIGH |
| If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. | |||||
| CVE-2023-36538 | 1 Zoom | 1 Rooms | 2024-09-20 | N/A | 7.8 HIGH |
| Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
| CVE-2024-4551 | 1 Yotuwp | 1 Video Gallery | 2024-09-20 | N/A | 8.8 HIGH |
| The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-4258 | 1 Yotuwp | 1 Video Gallery | 2024-09-20 | N/A | 9.8 CRITICAL |
| The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2022-4536 | 1 Youtag | 1 Ip-vault-wp-firewall | 2024-09-20 | N/A | 5.3 MEDIUM |
| The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. | |||||
| CVE-2023-28600 | 1 Zoom | 1 Zoom | 2024-09-19 | N/A | 5.4 MEDIUM |
| Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. | |||||
| CVE-2023-28603 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2024-09-19 | N/A | 7.1 HIGH |
| Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | |||||
| CVE-2024-8417 | 1 Yunknet | 1 Online School System | 2024-09-19 | N/A | 8.1 HIGH |
| A vulnerability was found in ?????????? Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html. The manipulation leads to inclusion of sensitive information in source code. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.6 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-6087 | 1 Lunary | 1 Lunary | 2024-09-19 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover. | |||||
| CVE-2024-6053 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2024-09-19 | N/A | 4.3 MEDIUM |
| Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. | |||||