5.8

CVSS3.1

CVE-2024-29030 - memos vulnerable to an SSRF in /api/resource

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.

📅 Published: April 19, 2024, 3:13 p.m. 🔄 Last Modified: July 7, 2025, 4:05 p.m.

9.1

CVSS3.1

CVE-2024-32644 - Evmos' transaction execution not accounting for all state transition after interaction with precomp…

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit is…

📅 Published: April 19, 2024, 2:53 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:15 a.m.

6.9

CVSS3.1

CVE-2024-32478 - Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files

Git Credential Manager (GCM) is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system to replace the binary and gain other users' privileges. This vulnerability is fixed in 2.5.0.

📅 Published: April 19, 2024, 2:37 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-32038 - Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability

Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Mana…

📅 Published: April 19, 2024, 2:31 p.m. 🔄 Last Modified: Jan. 9, 2025, 5:38 p.m.

8.8

CVSS3.1

CVE-2023-50260 - Wazuh's vulnerability in host_deny AR script allows arbitrary command execution

Wazuh is a free and open source platform used for threat prevention, detection, and response. Improper validation in the `host_deny` script allows any string to be written to the `hosts.deny` file, which can result in arbitrary command execution on the target system. This vulnerability is part of the act…

📅 Published: April 19, 2024, 2:28 p.m. 🔄 Last Modified: Jan. 9, 2025, 5:41 p.m.

8

CVSS3.1

CVE-2024-3684 - Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege esc…

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance when configuring the Artifacts & Logs and Migrations Storage. Exploitation of this vulnerability requir…

📅 Published: April 19, 2024, 2:25 p.m. 🔄 Last Modified: Sept. 2, 2025, 6:53 p.m.

6.5

CVSS3.1

CVE-2023-49275 - Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd

Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with th…

📅 Published: April 19, 2024, 2:24 p.m. 🔄 Last Modified: Jan. 9, 2025, 5:42 p.m.

8

CVSS3.1

CVE-2024-3646 - Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege e…

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub Enterp…

📅 Published: April 19, 2024, 2:21 p.m. 🔄 Last Modified: Sept. 2, 2025, 7:04 p.m.

5.9

CVSS3.1

CVE-2024-3470 - Repository administrator can bypass organization's ruleset using deploy keys

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well…

📅 Published: April 19, 2024, 2:17 p.m. 🔄 Last Modified: Sept. 2, 2025, 7:12 p.m.

7.8

CVSS3.1

CVE-2023-37400 - IBM Aspera Faspex privilege escalation

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to escalate their privileges due to insecure credential storage. IBM X-Force ID: 259677.

📅 Published: April 19, 2024, 2:02 p.m. 🔄 Last Modified: Dec. 19, 2024, 3:41 p.m.