Vulnerabilities (CVE)

Filtered by CWE-284
Total 4417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-41732 1 Sap 1 Netweaver Application Server Abap 2026-06-17 N/A 4.7 MEDIUM
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on the availability of the application.
CVE-2024-41703 1 Librechat 1 Librechat 2026-06-17 N/A 9.8 CRITICAL
LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
CVE-2024-41605 2026-06-17 N/A 8.4 HIGH
In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed.
CVE-2024-41600 1 Talelin 1 Lin-cms-spring-boot 2026-06-17 N/A 7.5 HIGH
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.
CVE-2024-41518 1 Mecodia 1 Feripro 2026-06-17 N/A 7.5 HIGH
An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.
CVE-2024-41332 1 Oretnom23 1 Computer Laboratory Management System 2026-06-17 N/A 6.5 MEDIUM
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
CVE-2024-41309 1 Enjayworld 1 Enjay Crm 2026-06-17 N/A 7.8 HIGH
An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2024-41308 1 Enjayworld 1 Enjay Crm 2026-06-17 N/A 7.8 HIGH
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2024-41252 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 6.5 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.
CVE-2024-41251 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 6.5 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.
CVE-2024-41250 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.
CVE-2024-41249 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
CVE-2024-41248 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.
CVE-2024-41247 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.
CVE-2024-41246 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view the administrator dashboard.
CVE-2024-41245 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.
CVE-2024-41244 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
CVE-2024-41243 1 Lopalopa 1 Responsive School Management System 2026-06-17 N/A 5.3 MEDIUM
An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.
CVE-2024-41162 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.1 MEDIUM
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.
CVE-2024-41144 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 5.5 MEDIUM
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate synced posts when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels.