Total
8075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32780 | 2024-04-24 | N/A | 5.9 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2. | |||||
| CVE-2024-28963 | 2024-04-24 | N/A | 6.2 MEDIUM | ||
| Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. | |||||
| CVE-2024-2760 | 2024-04-23 | N/A | 5.5 MEDIUM | ||
| Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. | |||||
| CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-04-19 | N/A | 4.3 MEDIUM |
| Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | |||||
| CVE-2023-1402 | 1 Moodle | 1 Moodle | 2024-04-19 | N/A | 4.3 MEDIUM |
| The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | |||||
| CVE-2024-29961 | 2024-04-19 | N/A | 8.2 HIGH | ||
| A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance. | |||||
| CVE-2024-29968 | 2024-04-19 | N/A | 7.7 HIGH | ||
| An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. SQL Table names, column names, and SQL queries are collected in DR standby Supportsave. This could allow authenticated users to access the database structure and its contents. | |||||
| CVE-2024-32086 | 2024-04-17 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. | |||||
| CVE-2024-32506 | 2024-04-17 | N/A | 5.4 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73. | |||||
| CVE-2024-3574 | 2024-04-16 | N/A | 7.5 HIGH | ||
| In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking. | |||||
| CVE-2024-31219 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint. | |||||
| CVE-2024-29841 | 2024-04-15 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user | |||||
| CVE-2024-24891 | 2024-04-15 | N/A | 6.0 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244. | |||||
| CVE-2024-22435 | 2024-04-15 | N/A | 8.3 HIGH | ||
| A potential security vulnerability has been identified in Web ViewPoint Enterprise software. This vulnerability could be exploited to allow unauthorized users to access some resources on a NonStop system. | |||||
| CVE-2024-24898 | 2024-04-15 | N/A | 6.0 MEDIUM | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244. | |||||
| CVE-2024-3505 | 2024-04-15 | N/A | 4.3 MEDIUM | ||
| JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments. | |||||
| CVE-2024-29839 | 2024-04-15 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user | |||||
| CVE-2024-29843 | 2024-04-15 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels | |||||
| CVE-2024-29842 | 2024-04-15 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user | |||||
| CVE-2024-29840 | 2024-04-15 | N/A | 7.5 HIGH | ||
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user | |||||