4.8

CVSS3.1

CVE-2024-57097 -

ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: May 13, 2025, 7:15 p.m.

7.5

CVSS3.1

CVE-2024-57451 -

ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: May 13, 2025, 7:31 p.m.

9.8

CVSS3.1

CVE-2024-57099 -

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: May 13, 2025, 7:57 p.m.

8.1

CVSS3.1

CVE-2024-56903 -

Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-57004 -

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: Dec. 22, 2025, 4:03 p.m.

6.5

CVSS3.1

CVE-2024-55456 -

lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: April 15, 2025, 5:07 p.m.

7.3

CVSS3.1

CVE-2024-57238 -

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.

πŸ“… Published: Feb. 3, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-0971 - Zenvia Movidesk Profile Editing EditProfile cross site scripting

A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack …

πŸ“… Published: Feb. 2, 2025, 11:31 p.m. πŸ”„ Last Modified: Oct. 10, 2025, 2:57 p.m.

6.9

CVSS4.0

CVE-2025-0970 - Zenvia Movidesk Login redirect

A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Account/Login. The manipulation of the argument ReturnUrl leads to open redirect. The attack can be launched remotely. The exploi…

πŸ“… Published: Feb. 2, 2025, 11 p.m. πŸ”„ Last Modified: Oct. 10, 2025, 2:56 p.m.

5.3

CVSS4.0

CVE-2025-0967 - code-projects Chat System add_chatroom.php sql injection

A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/add_chatroom.php. The manipulation of the argument chatname/chatpass leads to sql injection. The attack may be initiated remotely. The exploit has been…

πŸ“… Published: Feb. 2, 2025, 3:31 p.m. πŸ”„ Last Modified: Oct. 23, 2025, 8:06 p.m.
Total resulsts: 349182
Page 6880 of 34,919
Β« previous page Β» next page
Filters