Search
Search Results (1524 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45232 | 2 In2code, Typo3 | 2 Powermail, Typo3 | 2024-08-30 | 7.3 High |
| An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0 | ||||
| CVE-2024-42463 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-42464 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-6357 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | 6.3 Medium |
| Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | ||||