U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 227,965 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27098

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27096

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 1:15:06 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2390

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2229

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2052

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2051

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.

Published: March 18, 2024; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2050

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product.

Published: March 18, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27930

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.

Published: March 18, 2024; 12:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-20757

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 12:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-20756

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 12:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-20755

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 12:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-20752

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 12:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-1658

The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: March 18, 2024; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-1333

The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks

Published: March 18, 2024; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-1331

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.

Published: March 18, 2024; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22257

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

Published: March 18, 2024; 11:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-20746

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 11:15:41 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-20745

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Published: March 18, 2024; 11:15:41 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)