Vulnerabilities (CVE)

Filtered by CWE-284
Total 4404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45208 2026-06-17 N/A 9.8 CRITICAL
The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.
CVE-2024-45170 1 C-mor 1 C-mor Video Surveillance 2026-06-17 N/A 8.1 HIGH
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings.
CVE-2024-45149 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 2.7 LOW
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-45135 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 2.7 LOW
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45133 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 2.7 LOW
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.
CVE-2024-45130 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 4.3 MEDIUM
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45129 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 4.3 MEDIUM
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45124 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 5.3 MEDIUM
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45122 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 4.3 MEDIUM
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-45121 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 4.3 MEDIUM
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45118 1 Adobe 3 Commerce, Commerce B2b, Magento 2026-06-17 N/A 6.5 MEDIUM
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.
CVE-2024-44915 1 Irfanview 1 Exr 2026-06-17 N/A 5.5 MEDIUM
An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
CVE-2024-44914 1 Irfanview 1 Exr 2026-06-17 N/A 5.5 MEDIUM
An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
CVE-2024-44913 1 Irfanview 1 Exr 2026-06-17 N/A 5.5 MEDIUM
An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS).
CVE-2024-44860 1 Solvait 1 Solvait 2026-06-17 N/A 7.5 HIGH
An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request.
CVE-2024-44571 1 Relyum 2 Rely-pcie, Rely-pcie Firmware 2026-06-17 N/A 8.8 HIGH
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.
CVE-2024-44313 1 Tastyigniter 1 Tastyigniter 2026-06-17 N/A 8.1 HIGH
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.
CVE-2024-44303 1 Apple 1 Macos 2026-06-17 N/A 7.5 HIGH
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify protected parts of the file system.
CVE-2024-44271 1 Apple 1 Macos 2026-06-17 N/A 3.3 LOW
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
CVE-2024-44219 1 Apple 1 Macos 2026-06-17 N/A 7.5 HIGH
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with root privileges may be able to access private information.