Filtered by vendor
Subscriptions
Total
29165 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43813 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.3 Medium |
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | ||||
CVE-2024-8071 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.7 Medium |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role (e.g. member) to include the `manage_system` permission, effectively becoming a System Admin. | ||||
CVE-2024-36505 | 1 Fortinet | 1 Fortios | 2024-08-22 | 4.7 Medium |
An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. | ||||
CVE-2024-21757 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-22 | 5.5 Medium |
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. | ||||
CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2024-08-22 | 9.8 Critical |
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. | ||||
CVE-2024-7921 | 2 Jielink\+ Jsotc2016 Project, Jieshun-tech | 2 Jielink\+ Jsotc2016, Jielink\+ | 2024-08-21 | 4.3 Medium |
A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7920 | 2 Anhui Deshun Intelligent Technology, Jielink\+ Jsotc2016 Project | 2 Jieshun Jielink Plus Jsotc2016, Jielink\+ Jsotc2016 | 2024-08-21 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Affected is an unknown function of the file /Report/ParkCommon/GetParkInThroughDeivces. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7919 | 2 Anhui Deshun Intelligent Technology, Jielink\+ Jsotc2016 Project | 2 Jieshun Jielink\+, Jielink\+ Jsotc2016 | 2024-08-21 | 5.3 Medium |
A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-6221 | 1 Corydolphin | 1 Flask-cors | 2024-08-20 | 7.5 High |
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions. | ||||
CVE-2024-40705 | 1 Ibm | 1 Infosphere Information Server | 2024-08-19 | 6.5 Medium |
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. | ||||
CVE-2024-41243 | 1 Lopalopa | 1 Responsive School Management System | 2024-08-19 | 5.3 Medium |
An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. | ||||
CVE-2024-7809 | 2 Online Graduate Tracer System Project, Tamparongj 03 | 2 Online Graduate Tracer System, Online Graduate Tracer System | 2024-08-19 | 5.3 Medium |
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7497 | 2 Angeljudesuarez, Itsourcecode | 2 Airline Reservation System, Airline Reservation System | 2024-08-19 | 6.3 Medium |
A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273623. | ||||
CVE-2024-7496 | 2 Angeljudesuarez, Itsourcecode | 2 Airline Reservation System, Airline Reservation System | 2024-08-19 | 6.3 Medium |
A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273622 is the identifier assigned to this vulnerability. | ||||
CVE-2024-7912 | 2 Codeastro, Online Railway Reservation System Project | 2 Online Railway Reservation System, Online Railway Reservation System | 2024-08-19 | 5.3 Medium |
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-41962 | 1 Yonle | 1 Bostr | 2024-08-16 | 4.6 Medium |
Bostr is an nostr relay aggregator proxy that acts like a regular nostr relay. bostr let everyone in even having authorized_keys being set when noscraper is set to true. This vulnerability is fixed in 3.0.10. | ||||
CVE-2024-42480 | 1 Clastix | 1 Kamaji | 2024-08-16 | 8.1 High |
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2. | ||||
CVE-2024-40475 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-08-15 | 5.3 Medium |
SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. | ||||
CVE-2024-22278 | 1 Linuxfoundation | 1 Harbor | 2024-08-15 | 6.4 Medium |
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | ||||
CVE-2024-36398 | 1 Siemens | 1 Sinec Nms | 2024-08-14 | 7.8 High |
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges. |