Total
2428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12307 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available. | |||||
| CVE-2024-12306 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | |||||
| CVE-2024-1823 | 1 Codeastro | 1 Simple Voting System | 2024-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611. | |||||
| CVE-2024-26201 | 1 Microsoft | 1 Intune Company Portal | 2024-12-06 | N/A | 6.6 MEDIUM |
| Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | |||||
| CVE-2023-42838 | 1 Apple | 1 Macos | 2024-12-06 | N/A | 8.6 HIGH |
| An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, macOS Monterey 12.7.2. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | |||||
| CVE-2024-23238 | 1 Apple | 1 Macos | 2024-12-05 | N/A | 3.3 LOW |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables. | |||||
| CVE-2024-12235 | 2024-12-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security-oauth2\src\main\java\com\dstz\auth\filter\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10937 | 2024-12-05 | N/A | 5.3 MEDIUM | ||
| The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. | |||||
| CVE-2024-11674 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-12-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11661 | 1 Codezips | 1 Free Exam Hall Seating Management System | 2024-12-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The researcher submit confuses the vulnerability class of this issue. | |||||
| CVE-2023-42945 | 1 Apple | 1 Macos | 2024-12-03 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized access to Bluetooth. | |||||
| CVE-2024-34112 | 1 Adobe | 1 Coldfusion | 2024-12-03 | N/A | 7.5 HIGH |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-34099 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-12-02 | N/A | 7.8 HIGH |
| Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-48010 | 1 Dell | 1 Data Domain Operating System | 2024-11-26 | N/A | 6.5 MEDIUM |
| Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application. | |||||
| CVE-2024-10965 | 1 Emqx | 1 Neuron | 2024-11-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The patch is named c9ce39747e0372aaa2157b2b56174914a12c06d8. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-11484 | 1 Code4berry | 1 Decoration Management System | 2024-11-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The manipulation of the argument productimage1 leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5331 | 1 Soflyy | 1 Breakdance | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions. | |||||
| CVE-2024-2315 | 2024-11-21 | N/A | N/A | ||
| APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. | |||||
| CVE-2024-48899 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. | |||||
| CVE-2024-7154 | 1 Totolink | 2 A3700r, A3700r Firmware | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||