6.3

CVSS3.1

CVE-2024-3314 - SourceCodester Computer Laboratory Management System Users.php sql injection

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to sql injection. The attack may be initiated remotely. The identifier VDB-259385 was a…

πŸ“… Published: April 4, 2024, 9 p.m. πŸ”„ Last Modified: Jan. 22, 2025, 5:47 p.m.

6.1

CVSS3.1

CVE-2024-31204 - mailcow Cross-site Scripting Vulnerability via Exception Handler

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability resides in the exception handling mechanism, specifically when not operating in DEV_MODE. The system saves exc…

πŸ“… Published: April 4, 2024, 8:37 p.m. πŸ”„ Last Modified: Oct. 6, 2025, 3:31 p.m.

6.3

CVSS3.1

CVE-2024-3311 - Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit…

πŸ“… Published: April 4, 2024, 8:31 p.m. πŸ”„ Last Modified: April 4, 2025, 4:35 p.m.

6.2

CVSS3.1

CVE-2024-30270 - mailcow Path Traversal and Arbitrary Code Execution Vulnerability

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the `rspamd_maps()` fu…

πŸ“… Published: April 4, 2024, 8:27 p.m. πŸ”„ Last Modified: Oct. 6, 2025, 3:10 p.m.

8.1

CVSS3.1

CVE-2024-30264 - typebot.io: `GHSL-2024-040`

Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the `redirectPath` parameter from the URL. If a user clicks on a link where the `redir…

πŸ“… Published: April 4, 2024, 8:18 p.m. πŸ”„ Last Modified: Jan. 30, 2026, 2:12 p.m.

8.2

CVSS3.1

CVE-2024-22053 -

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory.

πŸ“… Published: April 4, 2024, 7:45 p.m. πŸ”„ Last Modified: Nov. 21, 2024, 8:55 a.m.

7.5

CVSS3.1

CVE-2024-22052 -

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack

πŸ“… Published: April 4, 2024, 7:45 p.m. πŸ”„ Last Modified: Nov. 21, 2024, 8:55 a.m.

5.3

CVSS3.1

CVE-2024-22023 -

An XML entity expansion or XEE vulnerability in SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated attacker to send specially crafted XML requests in-order-to temporarily cause resource exhaustion thereby resulting in a limited-time DoS.

πŸ“… Published: April 4, 2024, 7:45 p.m. πŸ”„ Last Modified: Nov. 21, 2024, 8:55 a.m.

5.8

CVSS3.1

CVE-2024-30254 - Directory traversal allowing overwriting arbitrary files

MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 cont…

πŸ“… Published: April 4, 2024, 7 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

2.6

CVSS3.1

CVE-2024-30252 - GitHub Security Lab (GHSL) Vulnerability Report, livemarks: `GHSL-2024-015`

Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a …

πŸ“… Published: April 4, 2024, 6:57 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10430 of 34,919
Β« previous page Β» next page
Filters