Search
Search Results (384 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8754 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured. | ||||
| CVE-2024-6203 | 1 Haloservicesolutions | 1 Haloitsm | 2024-08-29 | 8.3 High |
| HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by an email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account.This potentially leads to account takeover attacks.HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | ||||
| CVE-2024-42915 | 1 Staff Appraisal System | 1 Staff Appraisal System | 2024-08-23 | 8 High |
| A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and compromise their accounts. | ||||
| CVE-2024-37028 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-20 | 5.3 Medium |
| BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||