Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-125071 | 1 Gribbit Project | 1 Gribbit | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716. | |||||
| CVE-2024-10534 | 1 Dataprom | 1 Personnel Attendance Control Systems \/ Access Control Security Systems | 2024-11-19 | N/A | 9.8 CRITICAL |
| Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. | |||||
| CVE-2024-51037 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function. | |||||
| CVE-2024-6674 | 1 Lollms | 1 Lollms Web Ui | 2024-11-01 | N/A | 7.1 HIGH |
| A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information. | |||||
| CVE-2024-10460 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-10-31 | N/A | 5.3 MEDIUM |
| The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | |||||
| CVE-2024-7978 | 1 Google | 1 Chrome | 2024-10-29 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-44734 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | |||||
| CVE-2024-41475 | 1 Sir | 1 Gnuboard | 2024-09-18 | N/A | 8.8 HIGH |
| Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. | |||||
| CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | |||||
| CVE-2024-23458 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.8 HIGH |
| While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. | |||||