Filtered by CWE-639

Search

Switch to Advanced Search (Beta)
Total 787 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-6534 1 Monospace 1 Directus 2024-08-19 4.1 Medium
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.
CVE-2024-6357 1 Opentext 1 Arcsight Intelligence 2024-08-19 6.3 Medium
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
CVE-2024-43315 1 Checkoutplugins 1 Stripe Payments For Woocommerce 2024-08-19 7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.
CVE-2024-43239 2024-08-19 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This issue affects Masteriyo - LMS: from n/a through 1.11.4.
CVE-2024-27730 1 Friendica 1 Friendica 2024-08-19 9.8 Critical
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVE-2024-21981 1 Amd 3 Athlon, Epyc, Ryzen 2024-08-15 5.7 Medium
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
CVE-2024-39642 2024-08-13 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.