8.5
CVE-2024-39690 - Capsule tenant owner with "patch namespace" permission can hijack system namespaces
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.…
6.9
CVE-2024-8005 - demozx gf_cms JWT Authentication auth.go init hard-coded credentials
A vulnerability was found in demozx gf_cms 1.0/1.0.1. It has been classified as critical. This affects the function init of the file internal/logic/auth/auth.go of the component JWT Authentication. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The…
8.1
CVE-2024-6377 - URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer fr…
A URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
8.7
CVE-2024-6378 - Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovato…
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user's browser session.
7.7
CVE-2024-6379 - Reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R20…
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in the user's browser session.
5.1
CVE-2024-8003 - Go-Tribe gotribe-admin Log routes.go InitRoutes deserialization
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as 45ac90d6d1f82716f77d…
8.2
CVE-2024-42336 - Servision - CWE-287: Improper Authentication
Servision - CWE-287: Improper Authentication
5.4
CVE-2024-42335 - 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scriptin…
7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
0.0
CVE-2024-42334 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.5
CVE-2024-6918 -
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.