9.8

CVSS3.1

CVE-2024-28557 -

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: March 31, 2025, 4:28 p.m.

9.8

CVSS3.1

CVE-2024-28556 -

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: March 31, 2025, 4:28 p.m.

7.5

CVSS3.0

CVE-2024-1135 - HTTP Request Smuggling in benoitc/gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli…

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2023-3597 - Keycloak: secondary factor bypass in step-up authentication

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-24485 -

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 1:39 p.m.

8.8

CVSS3.1

CVE-2024-22014 -

An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: June 30, 2025, 2:26 p.m.

5.4

CVSS3.1

CVE-2020-22540 -

Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 4:54 p.m.

6.1

CVSS3.1

CVE-2024-31652 -

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 2:19 p.m.

9.8

CVSS3.1

CVE-2024-28056 -

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRo…

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: June 30, 2025, 2:40 p.m.

6.8

CVSS3.1

CVE-2024-24487 -

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 1:39 p.m.
Total resulsts: 349182
Page 10301 of 34,919
Β« previous page Β» next page
Filters