6.5

CVSS3.1

CVE-2024-41773 - IBM Global Configuration Management incorrect ownership assignment

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.

๐Ÿ“… Published: Aug. 20, 2024, 7:26 p.m. ๐Ÿ”„ Last Modified: Aug. 26, 2024, 6:33 p.m.

9.5

CVSS4.0

CVE-2024-6800 -

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Seโ€ฆ

๐Ÿ“… Published: Aug. 20, 2024, 7:21 p.m. ๐Ÿ”„ Last Modified: Sept. 30, 2024, 7:14 p.m.

5.9

CVSS4.0

CVE-2024-6337 - Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access โ€ฆ

๐Ÿ“… Published: Aug. 20, 2024, 7:19 p.m. ๐Ÿ”„ Last Modified: Sept. 27, 2024, 5:48 p.m.

5.3

CVSS4.0

CVE-2024-7711 -

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server veโ€ฆ

๐Ÿ“… Published: Aug. 20, 2024, 7:17 p.m. ๐Ÿ”„ Last Modified: Sept. 27, 2024, 6:17 p.m.

9.6

CVSS3.1

CVE-2024-38175 - Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.

๐Ÿ“… Published: Aug. 20, 2024, 6:15 p.m. ๐Ÿ”„ Last Modified: July 10, 2025, 4:33 p.m.

4.4

CVSS3.1

CVE-2024-6322 -

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query acโ€ฆ

๐Ÿ“… Published: Aug. 20, 2024, 5:52 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS4.0

CVE-2024-35214 - Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows

A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT.

๐Ÿ“… Published: Aug. 20, 2024, 5:24 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS3.1

CVE-2024-43408 - Discourse Placeholder Forms has a XSS stopped by CSP

Discourse Placeholder Forms will let you build dynamic documentation. Unsanitized and stored user input was injected in the html of the post. The vulnerability is fixed in commit a62f711d5600e4e5d86f342d52932cb6221672e7.

๐Ÿ“… Published: Aug. 20, 2024, 4:28 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.1

CVSS3.1

CVE-2024-27185 - [20240802] - Core - Cache Poisoning in Pagination

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

๐Ÿ“… Published: Aug. 20, 2024, 4:03 p.m. ๐Ÿ”„ Last Modified: June 4, 2025, 8:58 p.m.

6.1

CVSS3.1

CVE-2024-27186 - [20240803] - Core - XSS in HTML Mail Templates

The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.

๐Ÿ“… Published: Aug. 20, 2024, 4:03 p.m. ๐Ÿ”„ Last Modified: June 4, 2025, 8:58 p.m.
Total resulsts: 349182
Page 8786 of 34,919
ยซ previous page ยป next page
Filters