Search Results (37151 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34600 1 Adiscon 1 Loganalyzer 2024-12-09 9.8 Critical
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
CVE-2024-4046 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.4 Medium
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32998 1 Huawei 2 Emui, Harmonyos 2024-12-09 5.9 Medium
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-12231 1 Infoline-tr 1 Project Management System 2024-12-09 7.3 High
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-32999 1 Huawei 2 Emui, Harmonyos 2024-12-09 6.8 Medium
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52361 1 Huawei 1 Harmonyos 2024-12-09 7.5 High
The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.
CVE-2024-1821 1 Code-projects 1 Crime Reporting System 2024-12-07 5.5 Medium
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.
CVE-2024-1820 1 Code-projects 1 Crime Reporting System 2024-12-07 7.3 High
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.
CVE-2021-37864 1 Mattermost 1 Mattermost 2024-12-06 2.6 Low
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs.
CVE-2022-1002 1 Mattermost 1 Mattermost 2024-12-06 2 Low
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
CVE-2022-1384 1 Mattermost 1 Mattermost Server 2024-12-06 4.7 Medium
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities.
CVE-2022-2408 1 Mattermost 1 Mattermost 2024-12-06 4.3 Medium
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.
CVE-2023-27263 1 Mattermost 1 Mattermost 2024-12-06 4.3 Medium
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of.
CVE-2023-27264 1 Mattermost 1 Mattermost 2024-12-06 7.1 High
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/[playbookID] API.
CVE-2023-1774 1 Mattermost 1 Mattermost Server 2024-12-06 4.2 Medium
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
CVE-2023-2193 1 Mattermost 1 Mattermost 2024-12-06 6.5 Medium
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVE-2023-2515 1 Mattermost 1 Mattermost Server 2024-12-06 4.7 Medium
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin
CVE-2023-2783 1 Mattermost 1 Mattermost 2024-12-06 4.3 Medium
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.
CVE-2023-2784 1 Mattermost 1 Mattermost 2024-12-06 4.2 Medium
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.
CVE-2023-2786 1 Mattermost 1 Mattermost 2024-12-06 4.3 Medium
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.