Export limit exceeded: 363015 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363015 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (104 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36250 1 Mattermost 1 Mattermost Server 2024-11-14 3.1 Low
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds
CVE-2024-10214 1 Mattermost 1 Mattermost 2024-11-05 3.5 Low
Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.
CVE-2024-8642 2 Eclipse, Eclipse Foundation 2 Eclipse Dataspace Components, Edc 2024-09-19 8.1 High
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
CVE-2024-25157 1 Fortra 1 Goanywhere Managed File Transfer 2024-08-29 6.5 Medium
An authentication bypass vulnerability in GoAnywhere MFT prior to 7.6.0 allows Admin Users with access to the Agent Console to circumvent some permission checks when attempting to visit other pages. This could lead to unauthorized information disclosure or modification.