6.5

CVSS3.1

CVE-2024-31992 - Mealie contains a DoS vulnerability in recipe importer

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server, however these requests are not rate-limited. While there are efforts to prevent DDoS by implementing a timeout on requests, it…

📅 Published: April 19, 2024, 8:49 p.m. 🔄 Last Modified: March 7, 2025, 12:36 p.m.

4.1

CVSS3.1

CVE-2024-31991 - Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,…

📅 Published: April 19, 2024, 8:42 p.m. 🔄 Last Modified: March 7, 2025, 12:36 p.m.

8.8

CVSS3.1

CVE-2024-4017 - Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading. This issue affects U-Series Appliance: from 3.4 before 4.0.3.

📅 Published: April 19, 2024, 8:40 p.m. 🔄 Last Modified: July 12, 2025, 10:09 p.m.

8.8

CVSS3.1

CVE-2024-4018 - Privilege Escalation in U-Series Appliance

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3.

📅 Published: April 19, 2024, 8:29 p.m. 🔄 Last Modified: July 13, 2025, 11:31 a.m.

5.3

CVSS3.1

CVE-2024-1681 - Log Injection Vulnerability in corydolphin/flask-cors

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, po…

📅 Published: April 19, 2024, 7:37 p.m. 🔄 Last Modified: Nov. 3, 2025, 8:16 p.m.

2.7

CVSS3.1

CVE-2024-31450 - Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277)

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The para…

📅 Published: April 19, 2024, 6:59 p.m. 🔄 Last Modified: Oct. 15, 2025, 2:59 p.m.

7.5

CVSS3.1

CVE-2024-32652 - @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed

The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname such as an empty s…

📅 Published: April 19, 2024, 6:29 p.m. 🔄 Last Modified: Sept. 17, 2025, 8:33 p.m.

4.4

CVSS3.1

CVE-2024-3979 - COVESA vsomeip race condition

A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Affected by this issue is some unknown functionality. The manipulation leads to race condition. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. …

📅 Published: April 19, 2024, 6 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-4012 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: April 19, 2024, 5:30 p.m. 🔄 Last Modified: Feb. 11, 2025, 2:15 a.m.

5.5

CVSS3.1

CVE-2024-2440 - Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 a…

📅 Published: April 19, 2024, 5:02 p.m. 🔄 Last Modified: Sept. 2, 2025, 6:49 p.m.