9.8

CVSS3.1

CVE-2024-30922 -

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering.

📅 Published: April 18, 2024, midnight 🔄 Last Modified: Nov. 4, 2025, 7:17 p.m.

5.9

CVSS3.1

CVE-2024-30171 - bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

📅 Published: April 18, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.4

CVSS3.1

CVE-2024-32462 - Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` ex…

📅 Published: April 18, 2024, midnight 🔄 Last Modified: Dec. 16, 2025, 6:13 p.m.

6.8

CVSS3.1

CVE-2024-32326 -

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.

📅 Published: April 18, 2024, midnight 🔄 Last Modified: April 7, 2025, 2:26 p.m.

2.4

CVSS3.1

CVE-2024-32325 -

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.

📅 Published: April 18, 2024, midnight 🔄 Last Modified: May 13, 2025, 12:53 a.m.

6.1

CVSS3.1

CVE-2024-27306 - aiohttp vulnerable to XSS on index pages for static file handling

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following th…

📅 Published: April 18, 2024, midnight 🔄 Last Modified: Nov. 3, 2025, 9:16 p.m.

4.7

CVSS3.1

CVE-2024-32473 - Moby IPv6 enabled on IPv4-only network interfaces

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. A container with an `ipv…

📅 Published: April 18, 2024, midnight 🔄 Last Modified: Sept. 4, 2025, 3:09 p.m.

6.5

CVSS3.1

CVE-2024-30925 -

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.

📅 Published: April 18, 2024, midnight 🔄 Last Modified: Nov. 4, 2025, 7:17 p.m.

9.8

CVSS3.1

CVE-2024-30564 -

An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.

📅 Published: April 18, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-3928 - Dromara open-capacity-platform auth-server heapdump information disclosure

A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launche…

📅 Published: April 17, 2024, 11:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.