8.8

CVSS3.0

CVE-2024-0637 - Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateDirectory func…

📅 Published: April 1, 2024, 9:45 p.m. 🔄 Last Modified: Aug. 7, 2025, 5:21 p.m.

4.5

CVSS3.1

CVE-2024-3165 - Database Credential Exposure in the Logs

System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.   OWASP Top 10 - A05) Insecure Design OWASP …

📅 Published: April 1, 2024, 9:38 p.m. 🔄 Last Modified: June 27, 2025, 2:06 p.m.

4.5

CVSS3.1

CVE-2024-3164 -

In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenan…

📅 Published: April 1, 2024, 9:27 p.m. 🔄 Last Modified: June 27, 2025, 2:06 p.m.

9.8

CVSS3.0

CVE-2023-51573 - Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypas…

Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerab…

📅 Published: April 1, 2024, 9:18 p.m. 🔄 Last Modified: July 7, 2025, 8:40 p.m.

9.8

CVSS3.0

CVE-2023-51572 - Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerabili…

Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The …

📅 Published: April 1, 2024, 9:18 p.m. 🔄 Last Modified: July 7, 2025, 8:40 p.m.

7.5

CVSS3.0

CVE-2023-51571 - Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability

Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerabi…

📅 Published: April 1, 2024, 9:17 p.m. 🔄 Last Modified: July 7, 2025, 8:40 p.m.

9.8

CVSS3.0

CVE-2023-51570 - Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability

Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The sp…

📅 Published: April 1, 2024, 9:14 p.m. 🔄 Last Modified: July 7, 2025, 8:40 p.m.

6.5

CVSS3.0

CVE-2024-3135 - Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai

A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers …

📅 Published: April 1, 2024, 6:45 p.m. 🔄 Last Modified: June 27, 2025, 3:58 p.m.

6.2

CVSS3.1

CVE-2024-28232 - Username Enumeration in CasaOS via bypass of CVE-2024-24766

Go package IceWhaleTech/CasaOS-UserService provides user management functionalities to CasaOS. The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in version 0.4.7. This issue in CVE-2024-28232 has been patched in version 0.4.8 but that ve…

📅 Published: April 1, 2024, 4:42 p.m. 🔄 Last Modified: June 24, 2025, 4:33 p.m.

6.3

CVSS3.1

CVE-2024-3131 - SourceCodester Computer Laboratory Management System sql injection

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection. The attack can be initiated r…

📅 Published: April 1, 2024, 4:31 p.m. 🔄 Last Modified: Jan. 24, 2025, 4:27 p.m.
Total resulsts: 349182
Page 10487 of 34,919
« previous page » next page
Filters