Total
32782 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45148 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-16 | 8.8 High |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-46307 | 2 Nanjing Xingyuantu Technology, Sparkshop | 2 Sparkshop, Sparkshop | 2024-10-15 | 7.5 High |
| A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. | ||||
| CVE-2024-7294 | 1 Progress | 2 Telerik Report Server, Telerik Reporting | 2024-10-15 | 7.5 High |
| In ProgressĀ® TelerikĀ® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | ||||
| CVE-2024-9519 | 2 Userplus, Wpuserplus | 2 User Registration And User Profile, Userplus | 2024-10-15 | 7.2 High |
| The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. | ||||
| CVE-2024-9518 | 2 Userplus, Wpuserplus | 2 User Registration And User Profile, Userplus | 2024-10-15 | 9.8 Critical |
| The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | ||||
| CVE-2024-45135 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 2.7 Low |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45134 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 2.7 Low |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45129 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45130 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45124 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-11 | 5.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-48942 | 1 Syracom | 1 Secure Login | 2024-10-11 | 9.1 Critical |
| The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid. | ||||
| CVE-2024-48941 | 1 Syracom | 1 Secure Login | 2024-10-11 | 9.1 Critical |
| The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. | ||||
| CVE-2024-45115 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 9.8 Critical |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45117 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 7.6 High |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2024-45118 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 6.5 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45121 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45122 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-30118 | 1 Hcltech | 1 Connections | 2024-10-10 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. | ||||
| CVE-2024-20381 | 1 Cisco | 3 Ios Xr, Network Services Orchestrator, Small Business Rv Series Router Firmware | 2024-10-08 | 8.8 High |
| A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system. | ||||
| CVE-2024-20393 | 1 Cisco | 9 Rv340 Dual Wan Gigabit Vpn Router, Rv340 Dual Wan Gigabit Vpn Router Firmware, Rv340w Dual Wan Gigabit Wireless-ac Vpn Router and 6 more | 2024-10-08 | 8.8 High |
| A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin. | ||||