Total
2799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0415 | 1 Csdeshang | 1 Dsmall | 2024-08-26 | 6.3 Medium |
| A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435. | ||||
| CVE-2024-26263 | 2024-08-26 | 5.3 Medium | ||
| EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. | ||||
| CVE-2024-42766 | 2 Kashipara, Kjayvik | 2 Bus Ticket Reservation System, Bus Ticket Reservation System | 2024-08-26 | 5.4 Medium |
| Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php. | ||||
| CVE-2023-47422 | 2024-08-26 | 8.8 High | ||
| An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. | ||||
| CVE-2024-24568 | 2024-08-26 | 5.3 Medium | ||
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3. | ||||
| CVE-2024-41703 | 1 Librechat | 1 Librechat | 2024-08-23 | 9.8 Critical |
| LibreChat through 0.7.4-rc1 has incorrect access control for message updates. | ||||
| CVE-2024-1114 | 1 Openbi | 1 Openbi | 2024-08-23 | 6.5 Medium |
| A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472. | ||||
| CVE-2024-7954 | 1 Spip | 1 Spip | 2024-08-23 | 9.8 Critical |
| The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. | ||||
| CVE-2024-21653 | 1 Vantage6 | 1 Vantage6 | 2024-08-23 | 6.5 Medium |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability. | ||||
| CVE-2024-43031 | 1 Dlink | 1 Autman | 2024-08-23 | 4.3 Medium |
| autMan v2.9.6 was discovered to contain an access control issue. | ||||
| CVE-2023-43847 | 2024-08-23 | 5.3 Medium | ||
| Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests. | ||||
| CVE-2024-42776 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | ||||
| CVE-2024-42775 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 9.1 Critical |
| An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
| CVE-2024-42497 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 6 Medium |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams. | ||||
| CVE-2024-42772 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.5 High |
| An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
| CVE-2024-43780 | 2024-08-23 | 4.3 Medium | ||
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | ||||
| CVE-2024-40884 | 2024-08-23 | 2.7 Low | ||
| Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL. | ||||
| CVE-2024-36441 | 2024-08-23 | 5.4 Medium | ||
| Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device. | ||||
| CVE-2024-36443 | 2024-08-23 | 7.6 High | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. | ||||
| CVE-2024-32939 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.3 Medium |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server." | ||||