5.3

CVSS3.1

CVE-2024-11771 -

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.

📅 Published: Feb. 11, 2025, 3:19 p.m. 🔄 Last Modified: July 14, 2025, 5:27 p.m.

9.1

CVSS3.1

CVE-2024-47908 -

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.

📅 Published: Feb. 11, 2025, 3:18 p.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.

8.1

CVSS3.1

CVE-2025-24896 - Misskey allows token to remain valid in cookie after signing out

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary aff…

📅 Published: Feb. 11, 2025, 3:14 p.m. 🔄 Last Modified: Feb. 20, 2025, 3:48 p.m.

5.7

CVSS4.0

CVE-2024-33659 - BiosGuard Buffer Overflow and TOCTOU Vulnerability

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and…

📅 Published: Feb. 11, 2025, 3 p.m. 🔄 Last Modified: Oct. 2, 2025, 2:35 p.m.

6.3

CVSS3.1

CVE-2024-12797 - RFC7250 handshakes with unauthenticated servers don't abort as expected

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public key…

📅 Published: Feb. 11, 2025, 3 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2025-1231 -

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.

📅 Published: Feb. 11, 2025, 2:05 p.m. 🔄 Last Modified: March 28, 2025, 4:22 p.m.

7.7

CVSS3.1

CVE-2025-26492 -

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

📅 Published: Feb. 11, 2025, 1:56 p.m. 🔄 Last Modified: May 16, 2025, 2:51 p.m.

4.6

CVSS3.1

CVE-2025-26493 -

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

📅 Published: Feb. 11, 2025, 1:56 p.m. 🔄 Last Modified: May 16, 2025, 2:51 p.m.

9.8

CVSS3.1

CVE-2024-12366 - CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM.

📅 Published: Feb. 11, 2025, 12:42 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS4.0

CVE-2025-0588 -

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors rendering the site mostly u…

📅 Published: Feb. 11, 2025, 11:22 a.m. 🔄 Last Modified: July 2, 2025, 5:24 p.m.
Total results: 349182