6.5

CVSS3.1

CVE-2024-29956 - cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANn…

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.

πŸ“… Published: April 18, 2024, 1 a.m. πŸ”„ Last Modified: Feb. 4, 2025, 3:58 p.m.

2.3

CVSS4.0

CVE-2024-3932 - Totara LMS User Selector cross-site request forgery

A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The explo…

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2024-3931 - Totara LMS User Selector check.php cross site scripting

A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting. The attack may be la…

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: June 10, 2025, 8:08 p.m.

7.5

CVSS3.1

CVE-2024-32475 - Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes

Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when s…

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: Sept. 4, 2025, 7:39 p.m.

8.0

CVSS3.1

CVE-2024-30929 -

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2025, 7:17 p.m.

9.8

CVSS3.1

CVE-2024-30923 -

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2025, 7:17 p.m.

5.5

CVSS3.1

CVE-2024-26921 - inet: inet_defrag: prevent sk release while still in use

In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must no…

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: Nov. 3, 2025, 9:16 p.m.

9.8

CVSS3.1

CVE-2024-30938 -

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: April 4, 2025, 1:25 p.m.

6.3

CVSS3.1

CVE-2024-30927 -

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component.

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2025, 7:17 p.m.

4.3

CVSS3.1

CVE-2024-32333 -

TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.

πŸ“… Published: April 18, 2024, midnight πŸ”„ Last Modified: April 3, 2025, 3:39 p.m.
Total resulsts: 349182
Page 10223 of 34,919
Β« previous page Β» next page
Filters