Total
29099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43588 | 1 Zoom | 3 Meetings, Virtual Desktop Infrastructure, Zoom | 2024-09-20 | 3.5 Low |
| Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | ||||
| CVE-2023-22618 | 1 Nokia | 12 Wavelite Metro 200 And F2b Fans, Wavelite Metro 200 And F2b Fans Firmware, Wavelite Metro 200 And Fan and 9 more | 2024-09-20 | 8.1 High |
| If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. | ||||
| CVE-2024-4551 | 1 Yotuwp | 1 Video Gallery | 2024-09-20 | 6.4 Medium |
| The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-4258 | 1 Yotuwp | 1 Video Gallery | 2024-09-20 | 9.8 Critical |
| The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2022-4536 | 1 Youtag | 2 Ip-vault-wp-firewall, Two-factor Authentication | 2024-09-20 | 5.3 Medium |
| The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. | ||||
| CVE-2023-37935 | 1 Fortinet | 1 Fortios | 2024-09-19 | 6.5 Medium |
| A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | ||||
| CVE-2023-28603 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2024-09-19 | 7.7 High |
| Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | ||||
| CVE-2023-28600 | 1 Zoom | 1 Zoom | 2024-09-19 | 5.2 Medium |
| Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. | ||||
| CVE-2024-8417 | 1 Yunknet | 2 Online School System, Yunke Online School System | 2024-09-19 | 3.1 Low |
| A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html. The manipulation leads to inclusion of sensitive information in source code. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.6 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-30734 | 1 Samsung | 1 Health | 2024-09-19 | 4 Medium |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-30737 | 1 Samsung | 1 Health | 2024-09-19 | 4 Medium |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2024-6087 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-09-19 | 6.5 Medium |
| An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover. | ||||
| CVE-2023-3037 | 1 Helpdezk | 1 Helpdezk | 2024-09-19 | 8.6 High |
| Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. | ||||
| CVE-2023-4570 | 1 Ni | 1 Measurementlink | 2024-09-19 | 8.8 High |
| An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | ||||
| CVE-2024-6053 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2024-09-19 | 4.3 Medium |
| Improper access control in the clipboard synchronization feature in TeamViewer Full Client prior version 15.57 and TeamViewer Meeting prior version 15.55.3 can lead to unintentional sharing of the clipboard with the current presenter of a meeting. | ||||
| CVE-2024-5755 | 1 Lunary | 1 Lunary | 2024-09-19 | 5.3 Medium |
| In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., 'attacker123@gmail.com' and 'attacker.123@gmail.com'), leading to incorrect synchronization and potential security issues. | ||||
| CVE-2023-43697 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 6.5 Medium |
| Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | ||||
| CVE-2023-5102 | 2 Sick, Sick Ag | 3 Apu0200, Apu0200 Firmware, Apu0200 | 2024-09-19 | 5.3 Medium |
| Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | ||||
| CVE-2024-45411 | 1 Symfony | 1 Twig | 2024-09-19 | 8.6 High |
| Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0. | ||||
| CVE-2023-39199 | 1 Zoom | 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more | 2024-09-19 | 4.9 Medium |
| Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | ||||