Filtered by CWE-346
Filtered by vendor Subscriptions
Total 304 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44187 2 Apple, Redhat 8 Ipados, Iphone Os, Macos and 5 more 2024-09-25 6.5 Medium
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-41475 2 Gnuboard, Sir 2 Gnuboard6, Gnuboard 2024-09-18 9.8 Critical
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
CVE-2024-41926 1 Mattermost 1 Mattermost Server 2024-09-04 2.7 Low
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.
CVE-2024-23458 1 Zscaler 1 Client Connector 2024-08-08 7.3 High
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.