Total
2622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29221 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 4.7 MEDIUM |
| Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | |||||
| CVE-2024-2447 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | N/A | 6.5 MEDIUM |
| Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action. | |||||
| CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | |||||
| CVE-2024-45149 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-12-12 | N/A | 2.7 LOW |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-40825 | 1 Apple | 2 Macos, Visionos | 2024-12-12 | N/A | 4.4 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files. | |||||
| CVE-2024-23271 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-12 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. | |||||
| CVE-2024-10124 | 2024-12-12 | N/A | 9.8 CRITICAL | ||
| The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1. | |||||
| CVE-2024-11961 | 1 Huayi-tec | 1 Jeewms | 2024-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-12294 | 2024-12-11 | N/A | 5.3 MEDIUM | ||
| The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts. | |||||
| CVE-2024-12233 | 1 Fabianros | 1 Online Notice Board | 2024-12-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11138 | 1 Dedecms | 1 Dedecms | 2024-12-10 | 3.3 LOW | 2.7 LOW |
| A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-27841 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-09 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory. | |||||
| CVE-2024-27790 | 1 Claris | 1 Filemaker Server | 2024-12-09 | N/A | 7.5 HIGH |
| Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests. | |||||
| CVE-2024-12307 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available. | |||||
| CVE-2024-12306 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | |||||
| CVE-2024-1823 | 1 Codeastro | 1 Simple Voting System | 2024-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611. | |||||
| CVE-2024-26201 | 1 Microsoft | 1 Intune Company Portal | 2024-12-06 | N/A | 6.6 MEDIUM |
| Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-42838 | 1 Apple | 1 Macos | 2024-12-06 | N/A | 8.6 HIGH |
| An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | |||||
| CVE-2024-23238 | 1 Apple | 1 Macos | 2024-12-05 | N/A | 3.3 LOW |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables. | |||||
| CVE-2024-12235 | 2024-12-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security-oauth2\src\main\java\com\dstz\auth\filter\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||