Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44734 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | |||||
| CVE-2024-41475 | 1 Sir | 1 Gnuboard | 2024-09-18 | N/A | 8.8 HIGH |
| Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration. | |||||
| CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 2.7 LOW |
| Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | |||||
| CVE-2024-23458 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.3 HIGH |
| While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. | |||||