9.3
CVE-2024-9166 - OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
5.3
CVE-2024-39319 - aimeos/ai-controller-frontend has IDOR vulnerability in account profile page
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 202…
4.3
CVE-2024-8771 - Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & Woo…
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5…
7.2
CVE-2024-43191 - IBM ManageIQ command execution
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
4.9
CVE-2024-7259 - Ovirt-engine: potential exposure of cleartext provider passwords via web ui
A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.
4.3
CVE-2024-9155 - Insufficient Authorization On Unlinked Channel Files
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channel files that have not been linked to a post, which allows an attacker to view them in channels that they are a member of.
6.7
CVE-2024-30134 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerabili…
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.
6.4
CVE-2024-9177 - Themedy Toolbox <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple S…
The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button sh…
4.3
CVE-2024-31899 - IBM Cognos Command Center information disclosure
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device.
4.4
CVE-2023-46175 - IBM Cloud Pak for Multicloud Management information disclosure
IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in plain clear text, which can be read by a privileged user.