Total
834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34383 | 2024-11-21 | 5.3 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1. | ||||
| CVE-2024-33383 | 1 Novel-plus | 1 Novel-plus | 2024-11-21 | 7.5 High |
| Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. | ||||
| CVE-2024-33373 | 2024-11-21 | 6.3 Medium | ||
| An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack. | ||||
| CVE-2024-32823 | 2024-11-21 | 5.3 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4. | ||||
| CVE-2024-32604 | 1 Wordpress | 1 Adserve | 2024-11-21 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | ||||
| CVE-2024-32166 | 1 Webidsupport | 1 Webid | 2024-11-21 | 8.8 High |
| Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation). | ||||
| CVE-2024-31898 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182. | ||||
| CVE-2024-31815 | 1 Totolink | 1 Ex200 Firmware | 2024-11-21 | 9.1 Critical |
| In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | ||||
| CVE-2024-30543 | 2024-11-21 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in UPQODE Whizz.This issue affects Whizzy: from n/a through 1.1.18. | ||||
| CVE-2024-30507 | 2024-11-21 | 2.7 Low | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Molongui.This issue affects Molongui: from n/a through 4.7.7. | ||||
| CVE-2024-29194 | 2024-11-21 | 8.3 High | ||
| OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815. | ||||
| CVE-2024-29181 | 1 Strapi | 1 Strapi | 2024-11-21 | 2.3 Low |
| Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create. They should see nothing but their own items they created not all items ever created. Users should upgrade @strapi/plugin-content-manager to version 4.19.1 to receive a patch. | ||||
| CVE-2024-27302 | 2024-11-21 | 9.1 Critical | ||
| go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via a malicious domain. This vulnerability is capable of breaking CORS policy and thus allowing any page to make requests and/or retrieve data on behalf of other users. Version 1.4.4 fixes this issue. | ||||
| CVE-2024-24312 | 2024-11-21 | 7.5 High | ||
| SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. | ||||
| CVE-2024-23747 | 1 Modernasistemas | 1 Modernanet Hospital Management System 2024 | 2024-11-21 | 7.5 High |
| The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information. | ||||
| CVE-2024-23112 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.2 High |
| An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation. | ||||
| CVE-2024-22455 | 1 Dell | 1 E-lab Navigator | 2024-11-21 | 4.4 Medium |
| Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks. | ||||
| CVE-2024-22439 | 2024-11-21 | 6.9 Medium | ||
| A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. This vulnerability could be exploited to gain privileged access to switches resulting in information disclosure. | ||||
| CVE-2024-22305 | 1 Kaliforms | 1 Kali Forms | 2024-11-21 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36. | ||||
| CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-11-21 | 9.1 Critical |
| Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | ||||