7.5

CVSS3.1

CVE-2024-29840 - Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenti…

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user

📅 Published: April 14, 2024, 11:48 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:38 p.m.

7.5

CVSS3.1

CVE-2024-29839 - Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated …

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user

📅 Published: April 14, 2024, 11:48 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:25 p.m.

7.5

CVSS3.1

CVE-2024-29838 - Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service …

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software

📅 Published: April 14, 2024, 11:47 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:37 p.m.

8.8

CVSS3.1

CVE-2024-29837 - Poor session management in Evolution Controller allows administrator functionality for unauthentica…

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

📅 Published: April 14, 2024, 11:47 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:37 p.m.

9.8

CVSS3.1

CVE-2024-29836 - Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creatio…

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site.

📅 Published: April 14, 2024, 11:47 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:36 p.m.

2.4

CVSS3.1

CVE-2024-3766 - slowlyo OwlAdmin Image File Upload upload_image cross site scripting

A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argument file leads to cross site scripting. The…

📅 Published: April 14, 2024, 11:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-3765 - Xiongmai AHB7804R-MH-V2 Sofia Service access control

A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff000…

📅 Published: April 14, 2024, 11 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.7

CVSS3.1

CVE-2024-3764 - Tuya SDK MQTT Packet denial of service

** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the pub…

📅 Published: April 14, 2024, 10:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.4

CVSS3.1

CVE-2024-3763 - Emlog Pro Post Tag tag.php cross site scripting

A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of the component Post Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclo…

📅 Published: April 14, 2024, 10 p.m. 🔄 Last Modified: March 5, 2025, 6:25 p.m.

2.4

CVSS3.1

CVE-2024-3762 - Emlog Pro Whisper Page twitter.php cross site scripting

A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclo…

📅 Published: April 14, 2024, 8 p.m. 🔄 Last Modified: March 5, 2025, 6:25 p.m.
Total resulsts: 349182
Page 10303 of 34,919
« previous page » next page
Filters