4.8

CVSS3.1

CVE-2024-57599 -

Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: July 3, 2025, 1:16 a.m.

9.8

CVSS3.1

CVE-2022-40916 -

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: Dec. 31, 2025, 7:40 p.m.

9.8

CVSS3.1

CVE-2024-57430 -

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: June 24, 2025, 12:12 a.m.

6.3

CVSS3.1

CVE-2020-36085 -

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply For This Job Form.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: Feb. 11, 2025, 3:15 p.m.

4.5

CVSS3.1

CVE-2024-57523 -

Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: April 22, 2025, 8:06 p.m.

9.3

CVSS3.1

CVE-2024-57428 -

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, …

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: June 24, 2025, 12:13 a.m.

8.1

CVSS3.1

CVE-2024-54909 -

A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: Feb. 12, 2025, 3:15 p.m.

8.6

CVSS3.1

CVE-2024-57609 -

An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: Feb. 10, 2025, 10:15 p.m.

8.8

CVSS3.1

CVE-2025-23093 -

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an at…

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: Feb. 12, 2025, 3:15 p.m.

5.3

CVSS3.1

CVE-2024-25883 -

The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors.

πŸ“… Published: Feb. 6, 2025, midnight πŸ”„ Last Modified: Feb. 11, 2025, 2:34 p.m.
Total resulsts: 344055
Page 6320 of 34,406
Β« previous page Β» next page
Filters