7.8

CVSS3.1

CVE-2024-32656 - Ant Media Server vulnerable to local privilege escalation

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Ser…

πŸ“… Published: April 22, 2024, 10:16 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-32653 - Insufficient input filtering of "package name" allows command execution in the device with shell pr…

jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for…

πŸ“… Published: April 22, 2024, 10:13 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-32480 - LibreNMS's Time-Based Blind SQL injection leads to database extraction

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, result…

πŸ“… Published: April 22, 2024, 10:10 p.m. πŸ”„ Last Modified: Jan. 2, 2025, 9:38 p.m.

7.1

CVSS3.1

CVE-2024-32479 - LibreNMS's Improper Sanitization on Service template name leads to Stored XSS

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

πŸ“… Published: April 22, 2024, 10:07 p.m. πŸ”„ Last Modified: Jan. 2, 2025, 9:32 p.m.

7.1

CVSS3.1

CVE-2024-32461 - LibreNMS vulnerable to time-based SQL injection that leads to database extraction

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an atta…

πŸ“… Published: April 22, 2024, 9:54 p.m. πŸ”„ Last Modified: Jan. 2, 2025, 9:29 p.m.

9.8

CVSS3.1

CVE-2024-4040 - Unauthenticated arbitrary file read and remote code execution in CrushFTP

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code exe…

πŸ“… Published: April 22, 2024, 7:21 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.

7.2

CVSS3.1

CVE-2024-3154 - Cri-o: arbitrary command injection via pod annotation

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

πŸ“… Published: April 22, 2024, 4 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.1

CVSS3.1

CVE-2024-27349 - Apache HugeGraph-Server: Bypass whitelist in Auth mode

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

πŸ“… Published: April 22, 2024, 2:08 p.m. πŸ”„ Last Modified: Aug. 21, 2025, 3:55 a.m.

9.8

CVSS3.1

CVE-2024-27348 - Apache HugeGraph-Server: Command execution in gremlin

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

πŸ“… Published: April 22, 2024, 2:08 p.m. πŸ”„ Last Modified: Oct. 23, 2025, 2:48 p.m.

5.3

CVSS3.1

CVE-2024-27347 - Apache HugeGraph-Hubble: SSRF in Hubble connection page

Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.

πŸ“… Published: April 22, 2024, 2:07 p.m. πŸ”„ Last Modified: June 30, 2025, 1:41 p.m.
Total resulsts: 349182
Page 10193 of 34,919
Β« previous page Β» next page
Filters