Filtered by CWE-346
Total 404 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-44734 1 Mirotalk 1 Mirotalk P2p 2024-10-16 7.5 High
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVE-2024-41475 2 Gnuboard, Sir 2 Gnuboard6, Gnuboard 2024-09-18 9.8 Critical
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
CVE-2024-41926 1 Mattermost 1 Mattermost Server 2024-09-04 2.7 Low
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.
CVE-2024-23458 1 Zscaler 1 Client Connector 2024-08-07 7.3 High
While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.