7.5

CVSS3.1

CVE-2024-30250 - In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allo…

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid `integrity` attributes to…

πŸ“… Published: April 4, 2024, 2:57 p.m. πŸ”„ Last Modified: Sept. 19, 2025, 4 p.m.

6.1

CVSS3.1

CVE-2024-29191 - GHSL-2023-205 gotortc DOM-based Cross-site Scripting vulnerability

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), …

πŸ“… Published: April 4, 2024, 2:52 p.m. πŸ”„ Last Modified: Sept. 2, 2025, 3:24 p.m.

6.1

CVSS3.1

CVE-2024-29182 - Collabora Online Stored Cross-Site-Scripting vulnerability via tooltip

Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be…

πŸ“… Published: April 4, 2024, 2:48 p.m. πŸ”„ Last Modified: Sept. 23, 2025, 12:54 a.m.

7.5

CVSS3.1

CVE-2024-28871 - Excessive CPU used on malformed traffic

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available.

πŸ“… Published: April 4, 2024, 2:46 p.m. πŸ”„ Last Modified: June 30, 2025, 2:54 p.m.

6.5

CVSS3.1

CVE-2024-3250 -

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, a…

πŸ“… Published: April 4, 2024, 2:29 p.m. πŸ”„ Last Modified: Aug. 26, 2025, 5:17 p.m.

7.5

CVSS3.1

CVE-2024-2759 - Improper access control in Apaczka plugin for PrestaShop

Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.

πŸ“… Published: April 4, 2024, 1:23 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-3262 - Information exposure vulnerability in Request Tracker (RT)

Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cach…

πŸ“… Published: April 4, 2024, 9:21 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-20800 - Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they bro…

πŸ“… Published: April 4, 2024, 8:59 a.m. πŸ”„ Last Modified: Dec. 3, 2024, 2:16 p.m.

6.4

CVSS3.1

CVE-2024-29008 - Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM insta…

A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not …

πŸ“… Published: April 4, 2024, 7:51 a.m. πŸ”„ Last Modified: June 30, 2025, 3 p.m.

7.3

CVSS3.1

CVE-2024-29007 - Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP r…

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0…

πŸ“… Published: April 4, 2024, 7:49 a.m. πŸ”„ Last Modified: Sept. 2, 2025, 9:14 p.m.
Total resulsts: 349182
Page 10434 of 34,919
Β« previous page Β» next page
Filters