261
|
- |
|
-
|
-
|
Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens,…
New
|
CWE-285
Improper Authorization
|
CVE-2024-52528
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
262
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved i…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-52525
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
263
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely bein…
New
|
CWE-328
Use of Weak Hash
|
CVE-2024-52521
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud …
New
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-52519
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
265
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storag…
New
|
CWE-287
Improper Authentication
|
CVE-2024-52518
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
266
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain t…
New
|
CWE-200
Information Exposure
|
CVE-2024-52517
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
267
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously sh…
New
|
CWE-269
Improper Privilege Management
|
CVE-2024-52516
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268
|
- |
|
-
|
-
|
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If t…
New
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2024-52515
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
269
|
- |
|
-
|
-
|
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.
New
|
-
|
CVE-2024-50655
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
270
|
- |
|
-
|
-
|
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in hi…
New
|
-
|
CVE-2024-50654
|
2024-11-16 02:15 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|