The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-45149 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to byp...
    Published: October 10, 2024; 6:15:08 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45148 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gai...
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-45135 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass secu...
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-45134 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low imp...
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-45133 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low imp...
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-45129 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass s...
    Published: October 10, 2024; 6:15:06 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45130 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to byp...
    Published: October 10, 2024; 6:15:06 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45127 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malici...
    Published: October 10, 2024; 6:15:06 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-45125 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have...
    Published: October 10, 2024; 6:15:05 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45124 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security m...
    Published: October 10, 2024; 6:15:05 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2021-4437 - A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of t...
    Published: February 12, 2024; 3:15:07 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-25110 - The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code...
    Published: February 12, 2024; 3:15:08 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2024-47565 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote at...
    Published: October 08, 2024; 5:15:18 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-47563 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unaut...
    Published: October 08, 2024; 5:15:18 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-47562 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authentica...
    Published: October 08, 2024; 5:15:18 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-47553 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged ...
    Published: October 08, 2024; 5:15:17 AM -0400

    V3.1: 9.9 CRITICAL

  • CVE-2024-47951 - In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
    Published: October 08, 2024; 12:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-47950 - In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
    Published: October 08, 2024; 12:15:12 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-47949 - In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
    Published: October 08, 2024; 12:15:12 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-47948 - In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
    Published: October 08, 2024; 12:15:12 PM -0400

    V3.1: 7.5 HIGH

Created September 20, 2022, Updated August 27, 2024