The product does not properly verify that the source of data or communication is valid.
556 vulnerabilities with CWE-346
CVE-2024-32764
CRITICAL
myQNAPcloud Link <2.4.51 - Privilege Escalation
CVSS 9.9
CVE-2024-1249
HIGH
Keycloak < 22.0.10 - Unauthenticated Denial of Service via OIDC checkLoginIframe Origin Validation Error
CVSS 7.4
CVE-2024-28224
MEDIUM
Ollama < 0.1.29 - Unauthenticated DNS Rebinding Attack
CVSS 6.6
CVE-2024-2447
MEDIUM
Mattermost <8.1.11-9.5.2 - Privilege Escalation
CVSS 6.5
CVE-2024-2182
MEDIUM
Open Virtual Network BFD Packets - Denial of Service
CVSS 6.5
CVE-2024-25996
MEDIUM
CHARX SEC-3000/3050/3100/3150 Firmware < 1.5.1 - Unauthenticated Remote Code Execution via Origin Validation Error
CVSS 5.3
CVE-2024-25124
CRITICAL
Fiber < 2.52.1 - Insecure CORS Configuration with Wildcard Origin and Credentials
CVSS 9.4
CVE-2024-26135
HIGH
MeshCentral < 1.1.21 - Cross-Site WebSocket Hijacking via control.ashx Endpoint
CVSS 8.3
CVE-2024-0009
MEDIUM
Palo Alto Networks PAN-OS 10.2.0-10.2.3 - Authenticated VPN Connection from Unauthorized IP via GlobalProtect Gateway
CVSS 6.3
CVE-2024-24782
MEDIUM
Hima F30/F35/F60 Firmware - Origin Verification Bypass via Ping Request
CVSS 4.3
CVE-2024-24557
MEDIUM
Moby < 24.0.9 - Cache Poisoning via Classic Builder Cache System
CVSS 6.9
CVE-2024-23898
HIGH
Jenkins 2.217-2.441 and LTS 2.222.1-2.426.2 - Cross-Site WebSocket Hijacking via CLI Endpoint
CVSS 8.8
CVE-2024-0814
MEDIUM
Google Chrome < 121.0.6167.85 - Security UI Spoofing via Payments
CVSS 6.5
CVE-2024-0749
MEDIUM
Firefox < 122.0 and Firefox ESR < 115.7 - Origin Validation Error via about: Dialog
CVSS 4.3
CVE-2023-46715
MEDIUM
Fortinet FortiOS <7.4.1, <7.2.6 - Auth Bypass
CVSS 5.0
CVE-2023-27360
HIGH
NETGEAR RAX30 Firmware < 1.0.10.94 - Unauthenticated Remote Code Execution via lighttpd Misconfiguration
CVSS 8.8
CVE-2023-5973
MEDIUM
Broadcom Fabric Operating System < 9.2.0 - Origin Validation Error
CVSS 4.3
CVE-2023-30996
MEDIUM
IBM Cognos Analytics <12.0.0 - Info Disclosure
CVSS 5.3
CVE-2023-40547
HIGH
Shim <15.8 - Remote Code Execution via HTTP Boot Response Parsing
CVSS 8.3
CVE-2023-47200
HIGH
Trend Micro Apex One < 14.0.12737 - Local Privilege Escalation via Plug-in Manager Origin Validation Error
CVSS 7.8
CVE-2023-47199
HIGH
Trend Micro Apex One < 14.0.12737 - Privilege Escalation via Origin Validation Error
CVSS 7.8
CVE-2023-47198
HIGH
Trend Micro Apex One < 14.0.12737 - Privilege Escalation via Origin Validation Error
CVSS 7.8
CVE-2023-47197
HIGH
Trend Micro Apex One < 14.0.12737 - Privilege Escalation via Origin Validation Error
CVSS 7.8
CVE-2023-47196
HIGH
Trend Micro Apex One < 14.0.12737 - Privilege Escalation via Origin Validation Error
CVSS 7.8
CVE-2023-47195
HIGH
Trend Micro Apex One < 14.0.12737 - Privilege Escalation via Origin Validation Error
CVSS 7.8