8.5
CVE-2024-12677 - Delta Electronics DTM Soft Deserialization of Untrusted Data
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.
8.6
CVE-2024-10385 - Stored XSS in DirectAdmin Evo Skin
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. T…
9.8
CVE-2024-56337 - Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affe…
5.9
CVE-2024-56356 -
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
4.6
CVE-2024-56355 -
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
5.5
CVE-2024-56354 -
In JetBrains TeamCity before 2024.12 password field value was accessible to users with view settings permission
5.5
CVE-2024-56353 -
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
4.6
CVE-2024-56352 -
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
6.3
CVE-2024-56351 -
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
4.3
CVE-2024-56350 -
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects