8.8

CVSS3.1

CVE-2024-31759 -

An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.

📅 Published: April 16, 2024, midnight 🔄 Last Modified: June 12, 2025, 11:43 p.m.

7.5

CVSS3.1

CVE-2023-50872 -

The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issu…

📅 Published: April 16, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-31503 -

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

📅 Published: April 16, 2024, midnight 🔄 Last Modified: June 13, 2025, 4:22 p.m.

4.3

CVSS3.1

CVE-2024-29402 -

cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity.

📅 Published: April 16, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-27794 -

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login erro…

📅 Published: April 15, 2024, 10:16 p.m. 🔄 Last Modified: Dec. 11, 2024, 7:56 p.m.

7.5

CVSS3.1

CVE-2024-2424 - Rockwell Automation Input/Output Device Vulnerable to Major Nonrecoverable Fault

An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Addi…

📅 Published: April 15, 2024, 9:26 p.m. 🔄 Last Modified: Feb. 25, 2025, 6:56 p.m.

8.6

CVSS3.1

CVE-2024-3493 - Rockwell Automation ControlLogix and GaurdLogix Vulnerable to Major Nonrecoverable Fault Due to Inv…

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix 5580, CompactLogix 5380, and 1756-EN4TR. If exploited, the a…

📅 Published: April 15, 2024, 9:17 p.m. 🔄 Last Modified: Nov. 21, 2024, 9:29 a.m.

6.3

CVSS3.1

CVE-2024-23558 - HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

📅 Published: April 15, 2024, 9 p.m. 🔄 Last Modified: April 11, 2025, 6:14 p.m.

4.3

CVSS3.1

CVE-2024-23561 - HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

📅 Published: April 15, 2024, 8:20 p.m. 🔄 Last Modified: April 11, 2025, 6:16 p.m.

5.3

CVSS3.1

CVE-2024-32036 - SixLabors.ImageSharp vulnerable to data leakage

ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of t…

📅 Published: April 15, 2024, 8:08 p.m. 🔄 Last Modified: Jan. 9, 2025, 6:14 p.m.
Total resulsts: 349182
Page 10280 of 34,919
« previous page » next page
Filters