6.5
CVE-2024-7209 - CVE-2024-7209
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender.
5.5
CVE-2023-26288 - IBM Aspera Orchestrator session fixation
IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.
6.5
CVE-2023-38001 - IBM Aspera Orchestrator cross-site request forgery
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.
5.4
CVE-2023-26289 - IBM Aspera Orchestrator HTTP header injection
IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Forcβ¦
6.5
CVE-2024-41944 - Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `β¦
8.8
CVE-2024-7297 - Langflow Privilege Escalation
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.
6.5
CVE-2024-41804 - Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Column Formuβ¦
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially craβ¦
8.1
CVE-2024-41802 - Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Data Import
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to tβ¦
4.9
CVE-2024-41803 - Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Filter
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by injecting specially crafted values in to the API for β¦
0.0
CVE-2024-7298 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.