8.7
CVE-2024-58306 - minaliC 2.0.0 Denial of Service Vulnerability via Large GET Request
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.
5.3
CVE-2024-58304 - SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting
SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary cβ¦
8.6
CVE-2024-58303 - FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
6.9
CVE-2024-58302 - FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email geβ¦
9.3
CVE-2024-58301 - Purei CMS 1.0 SQL Injection via Multiple Vulnerable Endpoints
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially eβ¦
8.7
CVE-2024-58300 - Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling diβ¦
8.8
CVE-2025-66419 - MaxKB vulnerable to privilege escalation through sandbox bypass
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
9.2
CVE-2024-58298 - Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrβ¦
5.3
CVE-2024-58297 - PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.
5.3
CVE-2024-58296 - CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.