9.3
CVE-2024-9129 - Format String Injection in Zend Server
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino
5.3
CVE-2024-9287 - Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attackerβ¦
4.1
CVE-2024-49373 - Centurion ERP user can view projects from organizations they're not apart of
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.
4.2
CVE-2024-48929 - Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue.
4.6
CVE-2024-48927 - Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they βpreviewβ SVG files in full scβ¦
4.2
CVE-2024-48926 - Umbraco CMS logout page displayed before session expiration
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server sessiβ¦
0.0
CVE-2024-10249 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
0
CVE-2024-48925 - Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the β¦
4.2
CVE-2024-47819 - Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the coβ¦
9
CVE-2024-38002 -
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote autheβ¦