| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
|
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation
|
| Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. |
| Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. |
| Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. |
| Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. |
| An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
| An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. |
| An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. |
| ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. |
| An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. |
| An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' |
| An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. |
| An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. |
| Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. |