Total
2860 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0415 | 1 Csdeshang | 1 Dsmall | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435. | |||||
| CVE-2024-0414 | 1 Csdeshang | 1 Dscms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-0413 | 1 Csdeshang | 1 Dskms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability. | |||||
| CVE-2024-0412 | 1 Csdeshang | 1 Dsshop | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432. | |||||
| CVE-2024-0411 | 1 Csdeshang | 1 Dsmall | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431. | |||||
| CVE-2024-0358 | 1 Csdeshang | 1 Dso2o | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability. | |||||
| CVE-2024-0356 | 1 Mandelo | 1 Ssm Shiro Blog | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123. | |||||
| CVE-2024-0336 | 2024-11-21 | N/A | N/A | ||
| Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDKS: before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7223 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6773 | 1 Codeastro | 1 Pos And Inventory Management System | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /accounts_con/register_account of the component User Creation Handler. The manipulation of the argument account_type with the input Admin leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247909 was assigned to this vulnerability. | |||||
| CVE-2023-6761 | 1 Thecosy | 1 Icecms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability. | |||||
| CVE-2023-6758 | 1 Thecosy | 1 Icecms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /adplanet/PlanetCommentList of the component API. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247886 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5833 | 1 Mintplexlabs | 1 Anythingllm | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | |||||
| CVE-2023-5365 | 1 Hp | 1 Life | 2024-11-21 | N/A | 9.8 CRITICAL |
| HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | |||||
| CVE-2023-5240 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | |||||
| CVE-2023-52114 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2023-52105 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-51786 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control. | |||||
| CVE-2023-51070 | 1 Qstar | 1 Archive Storage Manager | 2024-11-21 | N/A | 7.5 HIGH |
| An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | |||||
| CVE-2023-50928 | 1 Amazon | 1 Awslabs Sandbox Accounts For Events | 2024-11-21 | N/A | 7.1 HIGH |
| "Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and self-defined budget & duration. This issue only affects cleaned AWS accounts, it is not possible to access AWS accounts in use or existing data/infrastructure. This issue has been patched in version 1.1.0. | |||||