Total
333 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25595 | | | 2024-08-01 | 5.3 Medium |
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1. | ||||
CVE-2024-22519 | 1 Sorenfriis | 1 Opendroneid Osm | 2024-08-01 | 8.2 High |
An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | ||||
CVE-2024-22520 | 1 Dronetag | 1 Drone Scanner | 2024-08-01 | 8.2 High |
An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. | ||||
CVE-2024-22139 | | | 2024-08-01 | 3.7 Low |
Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass. This issue affects WordPress Manutenção: from n/a through 1.0.6. | ||||
CVE-2024-22092 | | | 2024-08-01 | 7.7 High |
in OpenHarmony v3.2.4 and prior versions allow a remote attacker to bypass permission verification to install apps, although these require user action. | ||||
CVE-2024-21746 | | | 2024-08-01 | 5.3 Medium |
Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2. | ||||
CVE-2024-21518 | 1 Opencart | 1 Opencart | 2024-08-01 | 7.2 High |
This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability. | ||||
CVE-2024-21494 | | | 2024-08-01 | 5.4 Medium |
All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address. | ||||
CVE-2024-20363 | | | 2024-08-01 | 5.8 Medium |
Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. | ||||
CVE-2024-5812 | | | 2024-08-01 | 3.3 Low |
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. | ||||
CVE-2024-4358 | 1 Telerik | 1 Report Server 2024 | 2024-08-01 | 9.8 Critical |
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | ||||
CVE-2024-3843 | | | 2024-08-01 | 4.6 Medium |
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2022-0931 | | | 2024-02-08 | 0.0 Low |
Red Hat Product Security does not consider this to be a vulnerability. Upstream has not acknowledged this issue as a security flaw. |