Search Results (363118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36414 1 Salesagility 1 Suitecrm 2024-11-21 7.7 High
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36413 1 Salesagility 1 Suitecrm 2024-11-21 8.9 High
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36412 1 Salesagility 1 Suitecrm 2024-11-21 10 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36411 1 Salesagility 1 Suitecrm 2024-11-21 9.6 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36410 1 Salesagility 1 Suitecrm 2024-11-21 9.6 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36409 1 Salesagility 1 Suitecrm 2024-11-21 9.6 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36408 1 Salesagility 1 Suitecrm 2024-11-21 9.6 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36407 1 Salesagility 1 Suitecrm 2024-11-21 3.7 Low
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. It also requires the system using php 7, which is not an officially supported version. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36400 1 Viz 1 Nano Id 2024-11-21 9.4 Critical
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that `nano_id::base64` is not affected by this vulnerability. This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. The vulnerability is fixed in 0.4.0.
CVE-2024-36399 1 Kanboard 1 Kanboard 2024-11-21 8.2 High
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.
CVE-2024-36397 1 Vantiva 2 Mediaaccess Dga2232, Mediaaccess Dga2232 Firmware 2024-11-21 6.1 Medium
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-36396 1 Verint 1 Workforce Optimization 2024-11-21 8.8 High
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-36395 1 Verint 1 Workforce Optimization 2024-11-21 6.1 Medium
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-36394 1 Sysaid 1 Sysaid 2024-11-21 9.1 Critical
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-36393 1 Sysaid 1 Sysaid 2024-11-21 9.9 Critical
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36388 2024-11-21 10 Critical
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
CVE-2024-36287 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2024-11-21 3.8 Low
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVE-2024-36278 1 Openatom 1 Openharmony 2024-11-21 3.3 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-36268 1 Apache 1 Inlong 2024-11-21 9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/10251
CVE-2024-36260 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.