Search Results (590 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-4100 | 2 Gioni, Wpcerber | 2 Wp Cerber Security, Cerber Security Antispam & Malware Scan | 2024-09-20 | 5.3 Medium |
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked. | ||||
CVE-2024-23499 | 1 Intel | 2 Ethernet 800 Series Controllers Driver, Ethernet Network Controller E810 | 2024-09-06 | 6.5 Medium |
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
CVE-2024-41657 | 1 Casbin | 1 Casdoor | 2024-08-28 | 8.1 High |
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross-domain requests to Casdoor as the logged-in user. Due to a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user. | ||||
CVE-2024-39836 | 1 Mattermost | 1 Mattermost | 2024-08-23 | 4.8 Medium |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails. | ||||
CVE-2024-24853 | 1 Intel | 1 Processor | 2024-08-16 | 7.2 High |
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-22374 | 1 Intel | 1 Xeon Processors | 2024-08-14 | 6.5 Medium |
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
CVE-2024-24980 | 1 Intel | 1 Xeon Processors | 2024-08-14 | 6.1 Medium |
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-24983 | 1 Intel | 1 Ethernet Complete Driver Pack | 2024-08-14 | 6.5 Medium |
Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
CVE-2024-32862 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.8 Medium |
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. | ||||
CVE-2024-26908 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2024-04-30 | 5.5 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |