The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-45149 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to byp...
  Published: October 10, 2024; 6:15:08 AM -0400 | V3.1: 4.3 MEDIUM
- CVE-2024-45148 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gai...
  Published: October 10, 2024; 6:15:07 AM -0400 | V3.1: 6.5 MEDIUM
- CVE-2024-45135 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass secu...
  Published: October 10, 2024; 6:15:07 AM -0400 | V3.1: 2.7 LOW
- CVE-2024-45134 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low imp...
  Published: October 10, 2024; 6:15:07 AM -0400 | V3.1: 2.7 LOW
- CVE-2024-45133 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low imp...
  Published: October 10, 2024; 6:15:07 AM -0400 | V3.1: 2.7 LOW
- CVE-2024-45129 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass s...
  Published: October 10, 2024; 6:15:06 AM -0400 | V3.1: 4.3 MEDIUM
- CVE-2024-45130 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to byp...
  Published: October 10, 2024; 6:15:06 AM -0400 | V3.1: 4.3 MEDIUM
- CVE-2024-45127 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malici...
  Published: October 10, 2024; 6:15:06 AM -0400 | V3.1: 4.8 MEDIUM
- CVE-2024-45125 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have...
  Published: October 10, 2024; 6:15:05 AM -0400 | V3.1: 4.3 MEDIUM
- CVE-2024-45124 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security m...
  Published: October 10, 2024; 6:15:05 AM -0400 | V3.1: 5.3 MEDIUM
- CVE-2021-4437 - A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of t...
  Published: February 12, 2024; 3:15:07 PM -0500 | V3.1: 6.5 MEDIUM
- CVE-2024-25110 - The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code...
  Published: February 12, 2024; 3:15:08 PM -0500 | V3.1: 8.1 HIGH
- CVE-2024-47565 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote at...
  Published: October 08, 2024; 5:15:18 AM -0400 | V3.1: 4.3 MEDIUM
- CVE-2024-47563 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unaut...
  Published: October 08, 2024; 5:15:18 AM -0400 | V3.1: 5.3 MEDIUM
- CVE-2024-47562 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authentica...
  Published: October 08, 2024; 5:15:18 AM -0400 | V3.1: 8.8 HIGH
- CVE-2024-47553 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged ...
  Published: October 08, 2024; 5:15:17 AM -0400 | V3.1: 9.9 CRITICAL
- CVE-2024-47951 - In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
  Published: October 08, 2024; 12:15:13 PM -0400 | V3.1: 5.4 MEDIUM
- CVE-2024-47950 - In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
  Published: October 08, 2024; 12:15:12 PM -0400 | V3.1: 5.4 MEDIUM
- CVE-2024-47949 - In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
  Published: October 08, 2024; 12:15:12 PM -0400 | V3.1: 7.5 HIGH
- CVE-2024-47948 - In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
  Published: October 08, 2024; 12:15:12 PM -0400 | V3.1: 7.5 HIGH