| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. |
| Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. |
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
| When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 |
| Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. |
| Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. |
| Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. |
| Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. |
| The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar. |
| Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High) |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. |
| A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). |
