3.1

CVSS3.1

CVE-2024-3180 - Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS i…

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this vul…

📅 Published: April 3, 2024, 7 p.m. 🔄 Last Modified: Dec. 16, 2024, 7:04 p.m.

7.5

CVSS3.1

CVE-2024-0335 - Malformed Packet Handling

ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1…

📅 Published: April 3, 2024, 6:53 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.1

CVSS3.1

CVE-2024-3179 - Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XS…

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The Con…

📅 Published: April 3, 2024, 6:50 p.m. 🔄 Last Modified: Dec. 16, 2024, 7:03 p.m.

3.1

CVSS3.1

CVE-2024-3178 - Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scriptin…

Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Prior to the fix, a rogue administrator could add malicious code in the file manager because of insufficient validation of administrator provided data. All …

📅 Published: April 3, 2024, 6:31 p.m. 🔄 Last Modified: Dec. 16, 2024, 7:02 p.m.

2

CVSS3.1

CVE-2024-2753 - Concrete CMS version 9 below 9.2.8 and below 8.5.16 is vulnerable to stored XSS on the calendar col…

Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without escaping. A rogue administrator could inject malicious javascript into the Calendar Color Settings screen…

📅 Published: April 3, 2024, 6:13 p.m. 🔄 Last Modified: Dec. 16, 2024, 7:01 p.m.

5.3

CVSS3.1

CVE-2024-23540 - HCL BigFix Inventory is vulnerable to path traversal

The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file.

📅 Published: April 3, 2024, 4:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.0

CVSS3.1

CVE-2024-1180 - TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue ex…

📅 Published: April 3, 2024, 4:30 p.m. 🔄 Last Modified: Aug. 8, 2025, 6:26 p.m.

4.9

CVSS3.1

CVE-2024-20352 -

A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected …

📅 Published: April 3, 2024, 4:27 p.m. 🔄 Last Modified: May 7, 2025, 4:15 p.m.

4.3

CVSS3.1

CVE-2024-20347 -

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An at…

📅 Published: April 3, 2024, 4:27 p.m. 🔄 Last Modified: April 11, 2025, 3:47 p.m.

6.1

CVSS3.1

CVE-2024-20362 -

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insuffi…

📅 Published: April 3, 2024, 4:25 p.m. 🔄 Last Modified: Aug. 5, 2025, 2:44 p.m.
Total resulsts: 349182
Page 10443 of 34,919
« previous page » next page
Filters