9.1

CVSS3.1

CVE-2024-10644 -

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

📅 Published: Feb. 11, 2025, 3:20 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

8.2

CVSS3.1

CVE-2025-24897 - Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be subjec…

📅 Published: Feb. 11, 2025, 3:20 p.m. 🔄 Last Modified: Nov. 26, 2025, 4:32 p.m.

9.9

CVSS3.1

CVE-2025-22467 -

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.

📅 Published: Feb. 11, 2025, 3:20 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

5.3

CVSS3.1

CVE-2024-11771 -

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

📅 Published: Feb. 11, 2025, 3:19 p.m. 🔄 Last Modified: July 14, 2025, 5:27 p.m.

9.1

CVSS3.1

CVE-2024-47908 -

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

📅 Published: Feb. 11, 2025, 3:18 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

8.1

CVSS3.1

CVE-2025-24896 - Misskey allows token to remain valid in cookie after signing out

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary aff…

📅 Published: Feb. 11, 2025, 3:14 p.m. 🔄 Last Modified: Feb. 20, 2025, 3:48 p.m.

5.7

CVSS4.0

CVE-2024-33659 - BiosGuard Buffer Overflow and TOCTOU Vulnerability

AMI APTIOV contains a vulnerability in BIOS where a local attacker may cause an Improper Input Validation. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and executing arbitrary code at SMM level, also impacting Confidentiality, Integrity, and…

📅 Published: Feb. 11, 2025, 3 p.m. 🔄 Last Modified: Oct. 2, 2025, 2:35 p.m.

6.3

CVSS3.1

CVE-2024-12797 - RFC7250 handshakes with unauthenticated servers don't abort as expected

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public key…

📅 Published: Feb. 11, 2025, 3 p.m. 🔄 Last Modified: Feb. 18, 2025, 2:15 p.m.

5.4

CVSS3.1

CVE-2025-1231 -

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to a crash in the password reset functionality.

📅 Published: Feb. 11, 2025, 2:05 p.m. 🔄 Last Modified: March 28, 2025, 4:22 p.m.

7.7

CVSS3.1

CVE-2025-26492 -

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

📅 Published: Feb. 11, 2025, 1:56 p.m. 🔄 Last Modified: May 16, 2025, 2:51 p.m.