Total
17 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26689 | 1 Cs-cart | 1 Cs-cart Multivendor | 2025-04-24 | N/A | 9.8 CRITICAL |
| An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. | |||||
| CVE-2024-46671 | 2025-04-08 | N/A | 6.2 MEDIUM | ||
| An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. | |||||
| CVE-2024-58105 | 2025-03-27 | N/A | 7.3 HIGH | ||
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-45425 | 2025-02-25 | N/A | 4.9 MEDIUM | ||
| Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2024-6356 | 2025-02-05 | N/A | 4.4 MEDIUM | ||
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. | |||||
| CVE-2024-13041 | 2025-01-09 | N/A | 4.2 MEDIUM | ||
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. | |||||
| CVE-2024-29296 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | |||||
| CVE-2024-28020 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 8.0 HIGH |
| A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services. | |||||
| CVE-2024-27269 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575. | |||||
| CVE-2023-51750 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2024-11-21 | N/A | 4.6 MEDIUM |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." | |||||
| CVE-2023-3932 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.2 HIGH |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | |||||
| CVE-2023-3914 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
| A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects. | |||||
| CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.9 MEDIUM |
| A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | |||||
| CVE-2023-3115 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. | |||||
| CVE-2022-35503 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself. | |||||
| CVE-2024-52359 | 2024-11-19 | N/A | 4.3 MEDIUM | ||
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | |||||
| CVE-2024-9312 | 2024-10-15 | N/A | 7.5 HIGH | ||
| Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | |||||