8.8

CVSS3.1

CVE-2024-29022 - Session Hijacking via XSS attack in header and session grid in Xibo CMS

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into …

πŸ“… Published: April 12, 2024, 9:04 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.2

CVSS3.1

CVE-2024-29023 - Session Hijacking via token exposure on the session page in Xibo CMS

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be grante…

πŸ“… Published: April 12, 2024, 9 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS3.1

CVE-2024-32005 - Local File Inclusion in NiceGUI leaflet component

NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has acces…

πŸ“… Published: April 12, 2024, 8:38 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-32019 - ndsudo: local privilege escalation via untrusted search path

Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs…

πŸ“… Published: April 12, 2024, 8:33 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-32003 - Dusk plugin may allow unfettered user authentication in misconfigured installs

wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment (such as headless Chrome) to act as a user in the Backend or User plugin without havin…

πŸ“… Published: April 12, 2024, 8:21 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-32000 - Truncated content of messages can be leaked from matrix-appservice-irc

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack, th…

πŸ“… Published: April 12, 2024, 8:02 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS3.1

CVE-2024-3698 - Campcodes House Rental Management System manage_payment.php sql injection

A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. Th…

πŸ“… Published: April 12, 2024, 5 p.m. πŸ”„ Last Modified: March 4, 2025, 5:47 p.m.

5.9

CVSS3.1

CVE-2024-0157 -

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

πŸ“… Published: April 12, 2024, 4:59 p.m. πŸ”„ Last Modified: Feb. 4, 2025, 5:08 p.m.

6.3

CVSS3.1

CVE-2024-22358 - IBM UrbanCode Deploy session fixation

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 28…

πŸ“… Published: April 12, 2024, 4:53 p.m. πŸ”„ Last Modified: Jan. 29, 2025, 9:29 p.m.

4.3

CVSS3.1

CVE-2024-22339 - IBM UrbanCode Deploy information disclosure

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.

πŸ“… Published: April 12, 2024, 4:51 p.m. πŸ”„ Last Modified: Jan. 29, 2025, 9:27 p.m.
Total resulsts: 349182
Page 10306 of 34,919
Β« previous page Β» next page
Filters