Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

GitLab Advisory Database
GitLab Advisory Databaseadded 2024/10/24 12:0 a.m.14 views

ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups

All SaaS and marketplace setups using Aimeos version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack...

5.5CVSS6.7AI score0.00346EPSS
Exploits0References4Affected Software1
Veracode
Veracodeadded 2024/07/03 8:23 a.m.13 views

Improper Access Control

aimeos/ai-admin-graphql is vulnerable to an Improper Access Control. The vulnerability is due to insufficient restrictions or checks on user roles and permissions, allowing an editor to modify and take over an admin account in the back end...

7.1CVSS6.6AI score0.00439EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2024/07/02 9:20 p.m.25 views

aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...

3.8CVSS6.8AI score0.00425EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichmentadded 2024/07/02 8:9 p.m.17 views

CVE-2024-39324 aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...

3.8CVSS6.7AI score0.00425EPSS
Exploits0References5
Cvelist
Cvelistadded 2024/07/02 8:9 p.m.27 views

CVE-2024-39324 aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...

3.8CVSS0.00425EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2024/07/02 4:3 p.m.25 views

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

7.1CVSS6.8AI score0.00439EPSS
Exploits0References4
Rows per page
Query Builder