Total: 138 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-2730 | | | 2024-04-10 | N/A | 5.3 MEDIUM |
Mautic uses predictable page indices for unpublished landing pages, so their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. | |||||
CVE-2020-7541 | 1 Schneider-electric | 40 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 37 more | 2024-04-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP. | |||||
CVE-2024-24592 | 1 Clear | 1 Clearml | 2024-02-15 | N/A | 9.8 CRITICAL |
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. | |||||
CVE-2023-46186 | | | 2024-02-14 | N/A | 5.3 MEDIUM |
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929. | |||||
CVE-2015-1313 | 1 Jetbrains | 1 Teamcity | 2024-02-04 | N/A | 6.5 MEDIUM |
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | |||||
CVE-2022-45276 | 1 Eyunjing | 1 Yjcms | 2024-02-04 | N/A | 9.8 CRITICAL |
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. | |||||
CVE-2022-47700 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2024-02-04 | N/A | 7.5 HIGH |
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. | |||||
CVE-2022-42953 | 1 Zkteco | 20 Zem500, Zem500 Firmware, Zem510 and 17 more | 2024-02-04 | N/A | 7.5 HIGH |
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210). The fixed versions are firmware version 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and firmware version 15.00 (ZMM200-220-210). | |||||
CVE-2022-4057 | 1 Optimizingmatters | 1 Autooptimize | 2024-02-04 | N/A | 5.3 MEDIUM |
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. | |||||
CVE-2022-42438 | 2 Ibm, Linux | 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel | 2024-02-04 | N/A | 8.8 HIGH |
IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. | |||||
CVE-2022-34571 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-02-04 | N/A | 8.0 HIGH |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtml. | |||||
CVE-2022-41746 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-02-04 | N/A | 9.1 CRITICAL |
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. | |||||
CVE-2022-40845 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2024-02-04 | N/A | 6.5 MEDIUM |
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have. | |||||
CVE-2022-2551 | 1 Snapcreek | 1 Duplicator | 2024-02-04 | N/A | 7.5 HIGH |
The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. | |||||
CVE-2022-34574 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-02-04 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini. | |||||
CVE-2022-34572 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-02-04 | N/A | 5.7 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. | |||||
CVE-2022-2192 | 1 Hypr | 1 Hypr Server | 2024-02-04 | N/A | 8.8 HIGH |
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions. | |||||
CVE-2022-1551 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2024-02-04 | N/A | 6.5 MEDIUM |
The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files. | |||||
CVE-2022-34573 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-02-04 | N/A | 6.3 MEDIUM |
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml. | |||||
CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-02-04 | N/A | 8.8 HIGH |
A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. |