Attacker Value
Unknown
CVE-2024-46935
Disclosure Date: September 25, 2024 (last updated September 27, 2024)
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.
Attacker Value
Unknown
CVE-2024-46934
Disclosure Date: September 25, 2024 (last updated September 27, 2024)
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.
Attacker Value
Unknown
CVE-2024-46612
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
Attacker Value
Unknown
CVE-2024-46610
Disclosure Date: September 25, 2024 (last updated October 01, 2024)
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java.
Attacker Value
Unknown
CVE-2024-46609
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and return all user information, including passwords.
Attacker Value
Unknown
CVE-2024-46607
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
Attacker Value
Unknown
CVE-2024-45599
Disclosure Date: September 25, 2024 (last updated September 25, 2024)
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through dylib injection using the DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using the DYLD_INSERT_LIBRARIES environment variable.
Moreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitle…
Attacker Value
Unknown
CVE-2024-45373
Disclosure Date: September 25, 2024 (last updated October 02, 2024)
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
Attacker Value
Unknown
CVE-2024-45066
Disclosure Date: September 25, 2024 (last updated October 02, 2024)
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
Attacker Value
Unknown
CVE-2024-43693
Disclosure Date: September 25, 2024 (last updated October 02, 2024)
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.