CVE-2024-5201 : OPENTEXT DIMENSIONS RM UP TO 12.11.1.2/12.11.2.5 HTTP REQUEST PRIVILEGE ESCALATION
Description Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another
Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability
Description Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. References
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in
Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in
Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.
Cross-Site Request Forgery (CSRF) is an attack method that tricks users into performing an unwanted action on a website they
Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all
In the realm of web security, the evolution of protocols brings both advancements and vulnerabilities. The HTTP/2 protocol, known for
Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard
Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with
Description There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code
Description An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow
Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be
Description IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker
Description Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management
Description Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an
Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2...1.7.3 https://github.com/spatie/image-optimizer/pull/211 For
Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects
In our interconnected digital era, endpoints represent the gateways to an organization’s digital assets. Unfortunately, they also stand as prime
Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows