Total
508 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4587 | 1 Zkteco | 2 Zem800, Zem800 Firmware | 2024-06-04 | 5.5 Medium |
An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or through a VPN server. | ||||
CVE-2024-5258 | 2024-06-04 | 4.4 Medium | ||
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic. | ||||
CVE-2024-5166 | 2024-06-04 | 6.5 Medium | ||
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model. | ||||
CVE-2024-4538 | 2024-06-04 | 7.5 High | ||
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data. | ||||
CVE-2024-4843 | 2024-06-04 | 4.3 Medium | ||
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege. | ||||
CVE-2024-4537 | 2024-06-04 | 7.5 High | ||
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket. | ||||
CVE-2024-22439 | 2024-06-04 | 6.9 Medium | ||
A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure. | ||||
CVE-2024-32604 | 2024-06-04 | 4.3 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | ||||
CVE-2024-32808 | 2024-06-04 | 5.4 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | ||||
CVE-2024-32772 | 2024-06-04 | 4.3 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | ||||
CVE-2024-32683 | 2024-06-04 | 5.3 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | ||||
CVE-2024-34383 | 2024-06-04 | 5.3 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1. | ||||
CVE-2024-31296 | 2024-06-04 | 4.3 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81. | ||||
CVE-2023-45808 | 2024-06-04 | 4.1 Medium | ||
iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects (for example a UserRequest in an out of scope Organization). Fixed in iTop 2.7.10, 3.0.4, 3.1.1, and 3.2.0. | ||||
CVE-2021-36388 | 1 Yellowfinbi | 1 Yellowfin | 2024-06-04 | 7.5 High |
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4". | ||||
CVE-2021-20599 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-06-04 | 7.5 High |
Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | ||||
CVE-2024-2577 | 2024-05-17 | 7.3 High | ||
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080. | ||||
CVE-2024-2574 | 2024-05-17 | 7.3 High | ||
A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability. | ||||
CVE-2024-0264 | 1 Oretnom23 | 1 Clinic Queuing System | 2024-05-17 | 9.8 Critical |
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820. | ||||
CVE-2023-2978 | 1 Abstrium | 1 Pydio Cells | 2024-05-17 | 4.3 Medium |
A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability. |