4.6

CVSS3.1

CVE-2024-13126 - Download Manager < 3.3.07 - Unauthenticated Data Exposure

The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.

📅 Published: March 16, 2025, 6 a.m. 🔄 Last Modified: March 17, 2025, 7:15 p.m.

5.1

CVSS4.0

CVE-2025-2335 - Drivin Soluções API registerSchool cross site scripting

A vulnerability classified as problematic was found in Drivin Soluções up to 20250226. This vulnerability affects unknown code of the file /api/school/registerSchool of the component API Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated rem…

📅 Published: March 16, 2025, 2:31 a.m. 🔄 Last Modified: March 17, 2025, 6:14 p.m.

7.7

CVSS3.1

CVE-2022-49737

In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input loc…

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 4:15 p.m.

7.8

CVSS3.1

CVE-2025-30074

Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 4:03 p.m.

7.7

CVSS3.1

CVE-2025-30076

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 4:15 p.m.

4.2

CVSS3.1

CVE-2025-24856

An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker can anticipate the …

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 3:44 p.m.

5.4

CVSS3.1

CVE-2025-30089

gurk (aka gurk-rs) through 0.6.3 mishandles ANSI escape sequences.

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 4:15 p.m.

5.8

CVSS3.1

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 3:50 p.m.

6.2

CVSS3.1

CVE-2025-30077

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.

📅 Published: March 16, 2025, midnight 🔄 Last Modified: March 17, 2025, 4:15 p.m.

5.3

CVSS4.0

CVE-2025-2334 - 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access co…

📅 Published: March 15, 2025, 11 p.m. 🔄 Last Modified: March 17, 2025, 4:15 p.m.