8.8

CVSS3.1

CVE-2024-31442 - Redon-Hub has incorrect permissions on all admin related commands

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command i…

πŸ“… Published: April 8, 2024, 3:33 p.m. πŸ”„ Last Modified: Jan. 7, 2026, 8:02 p.m.

6.3

CVSS3.1

CVE-2024-3455 - Netentsec NS-ASG Application Security Gateway add_postlogin.php sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add_postlogin.php. The manipulation of the argument SingleLoginId leads to sql injection. The attack can be…

πŸ“… Published: April 8, 2024, 3:31 p.m. πŸ”„ Last Modified: Feb. 7, 2025, 3:09 p.m.

6.3

CVSS3.1

CVE-2024-3445 - SourceCodester Laundry Management System laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The…

πŸ“… Published: April 8, 2024, 3:31 p.m. πŸ”„ Last Modified: Jan. 17, 2025, 1:48 p.m.

9.8

CVSS3.1

CVE-2024-31224 - GPT Academic: Pickle deserializing cookies may pose RCE risk

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Int…

πŸ“… Published: April 8, 2024, 3:24 p.m. πŸ”„ Last Modified: Nov. 4, 2025, 6:38 p.m.

5.9

CVSS3.1

CVE-2024-31221 - Clients removed during unpairing process may regain access if Sunshine was not restarted

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the i…

πŸ“… Published: April 8, 2024, 3:10 p.m. πŸ”„ Last Modified: Sept. 11, 2025, 9:41 p.m.

4.7

CVSS3.1

CVE-2024-3444 - Wangshen SecGate 3600 ?g=net_pro_keyword_import_save unrestricted upload

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The…

πŸ“… Published: April 8, 2024, 3 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.5

CVSS3.1

CVE-2024-3443 - SourceCodester Prison Management System apply_leave.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. This vulnerability affects unknown code of the file /Employee/apply_leave.php. The manipulation of the argument txtstart_date/txtend_date leads to cross site scripting. The attack can be initiated re…

πŸ“… Published: April 8, 2024, 3 p.m. πŸ”„ Last Modified: Feb. 10, 2025, 4:11 p.m.

6.3

CVSS3.1

CVE-2024-3442 - SourceCodester Prison Management System delete_leave.php sql injection

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. This affects an unknown part of the file /Employee/delete_leave.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the p…

πŸ“… Published: April 8, 2024, 2:31 p.m. πŸ”„ Last Modified: Feb. 10, 2025, 4:12 p.m.

4.2

CVSS3.1

CVE-2024-31205 - Saleor CSRF bypass in refreshToken mutation

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string…

πŸ“… Published: April 8, 2024, 2:26 p.m. πŸ”„ Last Modified: Jan. 7, 2026, 8:05 p.m.

5.3

CVSS3.1

CVE-2024-30269 - DataEase has database configuration information exposure vulnerability

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has…

πŸ“… Published: April 8, 2024, 2:19 p.m. πŸ”„ Last Modified: Feb. 12, 2025, 5:50 p.m.
Total resulsts: 349182
Page 10396 of 34,919
Β« previous page Β» next page
Filters