Export limit exceeded: 13448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10887 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35301 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 5.5 Medium |
| In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token | ||||
| CVE-2024-41644 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 9.8 Critical |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | ||||
| CVE-2024-41645 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 9.8 Critical |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | ||||
| CVE-2024-41646 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 9.8 Critical |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | ||||
| CVE-2024-41648 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 7.1 High |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | ||||
| CVE-2024-41649 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 9.8 Critical |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | ||||
| CVE-2024-41650 | 1 Openrobotics | 1 Robot Operating System | 2024-12-13 | 7.1 High |
| Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | ||||
| CVE-2024-45104 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | 6.3 Medium |
| A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. | ||||
| CVE-2024-45103 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-13 | 4.3 Medium |
| A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges. | ||||
| CVE-2024-12483 | 1 Ujcms | 1 Ujcms | 2024-12-13 | 3.7 Low |
| A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-1942 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.3 Medium |
| Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of. | ||||
| CVE-2024-2450 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2024-12-13 | 8.8 High |
| Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions. | ||||
| CVE-2024-29221 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 4.7 Medium |
| Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users, even if the "Add Members" permission was explicitly removed from team admins. | ||||
| CVE-2024-2447 | 1 Mattermost | 1 Mattermost Server | 2024-12-13 | 6.5 Medium |
| Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action. | ||||
| CVE-2024-3127 | 1 Gitlab | 1 Gitlab | 2024-12-13 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP restriction for groups through GraphQL allowing unauthorised users to perform some actions at the group level. | ||||
| CVE-2024-54296 | 2024-12-13 | 9.8 Critical | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2. | ||||
| CVE-2023-28810 | 1 Hikvision | 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more | 2024-12-12 | 4.3 Medium |
| Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | ||||
| CVE-2024-45149 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-12-12 | 2.7 Low |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-4024 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 7.3 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker with their Bitbucket account credentials may be able to take over a GitLab account linked to another user's Bitbucket account, if Bitbucket is used as an OAuth 2.0 provider on GitLab. | ||||
| CVE-2024-10111 | 2024-12-12 | 8.1 High | ||
| The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token. | ||||