Total: 2874 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31341 | 1 Amd | 2 Amd Uprof, Uprof | 2024-12-13 | 7.3 High |
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. | ||||
CVE-2024-29221 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.7 Medium |
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint, allowing a team admin to get the invite ID of their team and thus to invite users, even if the "Add Members" permission was explicitly removed from team admins. | ||||
CVE-2024-2447 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 6.5 Medium |
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action. | ||||
CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | ||||
CVE-2023-28810 | 1 Hikvision | 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more | 2024-12-13 | 4.3 Medium |
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | ||||
CVE-2024-45149 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-12-13 | 2.7 Low |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-40825 | 1 Apple | 2 Macos, Visionos | 2024-12-12 | 6 Medium |
The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files. | ||||
CVE-2024-10124 | | | 2024-12-12 | 9.8 Critical |
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1. | ||||
CVE-2024-54096 | | | 2024-12-12 | 5.3 Medium |
Vulnerability of improper access control in the MTP module. Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. | ||||
CVE-2024-23271 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-12-12 | 6.5 Medium |
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. | ||||
CVE-2024-48912 | | | 2024-12-12 | N/A |
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | ||||
CVE-2024-47760 | | | 2024-12-11 | N/A |
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | ||||
CVE-2024-11961 | 2 Guangzhou Huayi Intelligent Technology, Huayi-tec | 2 Jeewms, Jeewms | 2024-12-11 | 5.3 Medium |
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-47758 | | | 2024-12-11 | N/A |
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | ||||
CVE-2024-12294 | | | 2024-12-11 | 5.3 Medium |
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts. | ||||
CVE-2024-12233 | 2 Fabianros, Kashipara | 2 Online Notice Board, Online Notice Board System | 2024-12-11 | 7.3 High |
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-11138 | 1 Dedecms | 1 Dedecms | 2024-12-11 | 2.7 Low |
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-38164 | 1 Microsoft | 1 Groupme | 2024-12-10 | 9.6 Critical |
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | ||||
CVE-2024-38100 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2024-12-10 | 7.8 High |
Windows File Explorer Elevation of Privilege Vulnerability | ||||
CVE-2024-38061 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-10 | 7.5 High |
DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability |