9.8

CVSS3.1

CVE-2024-31601

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-28322

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: May 14, 2025, 2:33 p.m.

6.5

CVSS3.1

CVE-2024-33667

An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2025, 4:39 p.m.

2.7

CVSS3.1

CVE-2024-4198 - mattermost: fail to fully validate role changes which allows an attacker authenticated as team admi…

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: May 12, 2025, 1:45 p.m.

4.3

CVSS3.1

CVE-2024-4182 - mattermost: fail to handle JSON parsing errors in custom status values

Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and 8.1.x before 8.1.12 fail to handle JSON parsing errors in custom status values, which allows an authenticated attacker to crash other users' web clients via a malformed custom status.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: May 12, 2025, 1:41 p.m.

9.8

CVSS3.1

CVE-2024-33344

D-Link DIR-822+ V1.0.5 was found to contain a command injection in the ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: May 21, 2025, 12:51 p.m.

2.7

CVSS3.1

CVE-2024-4195 - mattermost: fail to fully validate role changes leading to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: May 12, 2025, 1:43 p.m.

5.5

CVSS3.1

CVE-2024-33259

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: Sept. 22, 2025, 1:51 p.m.

7.1

CVSS3.1

CVE-2024-33258

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: Sept. 22, 2025, 1:54 p.m.

6.5

CVSS3.1

CVE-2024-32868 - ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanis…

📅 Published: April 25, 2024, 11:53 p.m. 🔄 Last Modified: Jan. 8, 2025, 6:21 p.m.