Total
3098 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45124 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-11 | 5.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45118 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 6.5 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45121 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45122 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-46539 | 1 Fire-boltt | 1 Artillery Smartwatch Firmware | 2024-10-10 | 8.2 High |
| Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). | ||||
| CVE-2024-47910 | 1 Sonarsource | 1 Sonarqube | 2024-10-07 | 7.2 High |
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | ||||
| CVE-2024-42514 | 1 Mitel | 1 Micontact Center Business | 2024-10-07 | 8.1 High |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control checks. A successful exploit requires user interaction and could allow an attacker to access sensitive information and send unauthorized messages during an active chat session. | ||||
| CVE-2023-26770 | 1 Taskcafe Project | 1 Taskcafe | 2024-10-07 | 9.8 Critical |
| TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | ||||
| CVE-2024-20343 | 2 Cisco, Linux | 2 Ios Xr, Linux Kernel | 2024-10-07 | 5.5 Medium |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system. | ||||
| CVE-2024-45408 | 1 Elabftw | 1 Elabftw | 2024-10-04 | 7.5 High |
| eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyone. Users are advised to upgrade to at least version 5.1.0. System administrators can disable anonymous access in the System configuration panel. | ||||
| CVE-2024-46280 | 1 Pix-link | 1 Lv-wr22 | 2024-10-04 | 8.8 High |
| PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them. | ||||
| CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2024-10-04 | 6.5 Medium |
| Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | ||||
| CVE-2024-9298 | 1 Oretnom23 | 1 Railway Reservation System | 2024-10-01 | 4.3 Medium |
| A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of the component Ticket Handler. The manipulation of the argument id leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9321 | 2 Oretnom23, Sourcecodester | 2 Railway Reservation System, Online Railway Reservation System | 2024-10-01 | 5.3 Medium |
| A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_details.php. The manipulation of the argument id leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42406 | 1 Mattermost | 1 Mattermost Server | 2024-10-01 | 5.4 Medium |
| Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files. | ||||
| CVE-2024-46627 | 1 Becn | 1 Datagerry | 2024-09-30 | 9.1 Critical |
| Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. | ||||
| CVE-2024-44860 | 1 Solvait | 1 Solvait | 2024-09-30 | 7.5 High |
| An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request. | ||||
| CVE-2024-45982 | 1 Scheduler | 1 Scheduler | 2024-09-30 | 8.8 High |
| A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts. | ||||
| CVE-2024-41605 | 1 Foxitsoftware | 1 Foxit Pdf Editor | 2024-09-30 | 8.4 High |
| In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed. | ||||
| CVE-2024-46097 | 1 Testlink | 1 Testlink | 2024-09-30 | 8.1 High |
| TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions maing it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges. | ||||