6.1

CVSS3.1

CVE-2024-31648 -

Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: June 20, 2025, 7:14 p.m.

7.2

CVSS3.1

CVE-2020-22539 -

An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 6:33 p.m.

5.3

CVSS3.1

CVE-2023-45503 -

SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, …

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 18, 2025, 6:34 p.m.

5.9

CVSS3.1

CVE-2024-31497 -

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. Th…

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2025, 10:16 p.m.

9.6

CVSS3.1

CVE-2024-31650 -

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: April 10, 2025, 2:20 p.m.

6.1

CVSS3.1

CVE-2024-31651 -

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.

πŸ“… Published: April 15, 2024, midnight πŸ”„ Last Modified: June 20, 2025, 7:13 p.m.

9.8

CVSS3.1

CVE-2024-29844 - Default credentials on web interface of Evolution Controller Versions allows attackers to login and…

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user…

πŸ“… Published: April 14, 2024, 11:48 p.m. πŸ”„ Last Modified: Dec. 10, 2025, 5:39 p.m.

7.5

CVSS3.1

CVE-2024-29843 - Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user …

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels

πŸ“… Published: April 14, 2024, 11:48 p.m. πŸ”„ Last Modified: Dec. 10, 2025, 5:38 p.m.

7.5

CVSS3.1

CVE-2024-29842 - Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauth…

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user

πŸ“… Published: April 14, 2024, 11:48 p.m. πŸ”„ Last Modified: Dec. 10, 2025, 5:38 p.m.

7.5

CVSS3.1

CVE-2024-29841 - Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthent…

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user

πŸ“… Published: April 14, 2024, 11:48 p.m. πŸ”„ Last Modified: Dec. 10, 2025, 5:37 p.m.
Total resulsts: 349182
Page 10302 of 34,919
Β« previous page Β» next page
Filters