Search
Search Results (1527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43916 | 1 Dylanjkotze | 1 Zephyr Project Manager | 2024-09-12 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102. | ||||
| CVE-2024-7438 | 1 Simplemachines | 1 Simple Machines Forum | 2024-09-11 | 4.3 Medium |
| A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7437 | 1 Simplemachines | 2 Simple Machine Forum, Simple Machines Forum | 2024-09-11 | 5.4 Medium |
| A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-45232 | 2 In2code, Typo3 | 2 Powermail, Typo3 | 2024-08-30 | 7.3 High |
| An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0 | ||||
| CVE-2024-42463 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-42464 | 1 Upkeeper | 1 Upkeeper Manager | 2024-08-28 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue affects upKeeper Manager: through 5.1.9. | ||||
| CVE-2024-6357 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | 6.3 Medium |
| Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | ||||