4.8

CVSS3.1

CVE-2024-48872 - Bypass of "Max failed attempts" restriction via race condition

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts, which allows an attacker to bypass the "Max failed attempts" restriction and send a large number of login attempts before being bl…

📅 Published: Dec. 16, 2024, 8:01 a.m. 🔄 Last Modified: Oct. 15, 2025, 2:13 p.m.

8.1

CVSS3.1

CVE-2024-12646 - Chunghwa Telecom topm-client - Arbitrary File Delete

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs thro…

📅 Published: Dec. 16, 2024, 6:54 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-9679 -

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.

📅 Published: Dec. 16, 2024, 6:52 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-12645 - Chunghwa Telecom topm-client - Arbitrary File Read

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs throu…

📅 Published: Dec. 16, 2024, 6:49 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS3.1

CVE-2024-12644 - Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste

The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phis…

📅 Published: Dec. 16, 2024, 6:45 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-12643 - Chunghwa Telecom tbm-client - Arbitrary File Delete

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs throu…

📅 Published: Dec. 16, 2024, 6:37 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.9

CVSS3.1

CVE-2024-9678 -

An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.

📅 Published: Dec. 16, 2024, 6:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-12642 - Chunghwa Telecom TenderDocTransfer - Arbitrary File Write

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs th…

📅 Published: Dec. 16, 2024, 6:30 a.m. 🔄 Last Modified: Dec. 23, 2025, 7:53 p.m.

9.6

CVSS3.1

CVE-2024-12641 - Chunghwa Telecom TenderDocTransfer - Reflected Cross-site Scripting to RCE

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use spec…

📅 Published: Dec. 16, 2024, 6:14 a.m. 🔄 Last Modified: Dec. 23, 2025, 7:54 p.m.

5.3

CVSS3.1

CVE-2024-5333 - The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

📅 Published: Dec. 16, 2024, 6 a.m. 🔄 Last Modified: Aug. 27, 2025, noon