🚨 CVE-2023-2112
Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.

🎖@cveNotify

🚨 CVE-2023-2480
Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications

🎖@cveNotify

🚨 CVE-2022-1606
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.

🎖@cveNotify

🚨 CVE-2022-1911
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.

🎖@cveNotify

🚨 CVE-2022-4270
Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.

🎖@cveNotify

🚨 CVE-2022-4264
Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration.

🎖@cveNotify

🚨 CVE-2022-4858
Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set.

🎖@cveNotify

🚨 CVE-2022-4861
Incorrect implementation in authentication protocol in M-Files Client before 22.5.11356.0 allows high privileged user to get other users tokens to another resource.

🎖@cveNotify

🚨 CVE-2022-3284
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0.
This issue affects M-Files New Web: before 22.11.12011.0.

🎖@cveNotify

🚨 CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information.


This issue affects M-Files New Web: before 22.12.12140.3.

🎖@cveNotify

🚨 CVE-2024-7269
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. An attacker might inject a script to be run in user's browser. After multiple attempts to contact the vendor we did not receive any answer. The finder provided the information that this issue affects ESP HR Management versions before 6.6.

🎖@cveNotify

🚨 CVE-2024-7608
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.

🎖@cveNotify

🚨 CVE-2024-45346
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.

🎖@cveNotify

🚨 CVE-2024-6449
HyperView Geoportal Toolkit in versions though 8.2.4 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters.
An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by the attacker and execute them in the user space.
By manipulating this parameter it is also possible to enumerate some of the devices in Local Area Network in which the server resides.

🎖@cveNotify

🚨 CVE-2024-6450
HyperView Geoportal Toolkit in versions though 8.2.4 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser.

🎖@cveNotify

🚨 CVE-2024-7447
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to upload arbitrary media to the site, even if no forms exist.

🎖@cveNotify

🚨 CVE-2022-39997
A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges

🎖@cveNotify

🚨 CVE-2024-1544
Generating the ECDSA nonce k samples a random number r and then
truncates this randomness with a modular reduction mod n where n is the
order of the elliptic curve. Meaning k = r mod n. The division used
during the reduction estimates a factor q_e by dividing the upper two
digits (a digit having e.g. a size of 8 byte) of r by the upper digit of
n and then decrements q_e in a loop until it has the correct size.
Observing the number of times q_e is decremented through a control-flow
revealing side-channel reveals a bias in the most significant bits of
k. Depending on the curve this is either a negligible bias or a
significant bias large enough to reconstruct k with lattice reduction
methods. For SECP160R1, e.g., we find a bias of 15 bits.

🎖@cveNotify

🚨 CVE-2024-42361
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.

🎖@cveNotify

🚨 CVE-2024-42362
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.

🎖@cveNotify

🚨 CVE-2024-23216
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.

🎖@cveNotify