Search Results (363674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36399 1 Kanboard 1 Kanboard 2024-11-21 8.2 High
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37.
CVE-2024-36397 1 Vantiva 2 Mediaaccess Dga2232, Mediaaccess Dga2232 Firmware 2024-11-21 6.1 Medium
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-36396 1 Verint 1 Workforce Optimization 2024-11-21 8.8 High
Verint - CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-36395 1 Verint 1 Workforce Optimization 2024-11-21 6.1 Medium
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-36394 1 Sysaid 1 Sysaid 2024-11-21 9.1 Critical
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-36393 1 Sysaid 1 Sysaid 2024-11-21 9.9 Critical
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36388 2024-11-21 10 Critical
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
CVE-2024-36287 2 Apple, Mattermost 2 Macos, Mattermost Desktop 2024-11-21 3.8 Low
Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.
CVE-2024-36278 1 Openatom 1 Openharmony 2024-11-21 3.3 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-36268 1 Apache 1 Inlong 2024-11-21 9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/10251
CVE-2024-36260 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-36257 1 Mattermost 1 Mattermost 2024-11-21 2.7 Low
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one . This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A.
CVE-2024-36243 1 Openatom 1 Openharmony 2024-11-21 8.2 High
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.
CVE-2024-36239 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
CVE-2024-36238 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a malicious link or to interact with a maliciously crafted web page.
CVE-2024-36236 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a specially crafted link.
CVE-2024-36235 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that causes the execution of the malicious script.
CVE-2024-36234 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a user to click on a specially crafted link or to submit a form that triggers the vulnerability.
CVE-2024-36233 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires user interaction, such as convincing a victim to click on a malicious link.
CVE-2024-36232 1 Adobe 1 Experience Manager 2024-11-21 5.4 Medium
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.