4.6

CVSS3.1

CVE-2024-37649

Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials.

📅 Published: Dec. 18, 2024, midnight 🔄 Last Modified: Dec. 31, 2024, 8:16 p.m.

8.8

CVSS3.1

CVE-2024-56116

A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account.

📅 Published: Dec. 18, 2024, midnight 🔄 Last Modified: April 23, 2025, 9:34 p.m.

8.1

CVSS3.1

CVE-2024-56174

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.

📅 Published: Dec. 18, 2024, midnight 🔄 Last Modified: June 5, 2025, 8:59 p.m.

7.5

CVSS3.1

CVE-2024-56318

In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service.

📅 Published: Dec. 18, 2024, midnight 🔄 Last Modified: Jan. 2, 2025, 8:16 p.m.

5.3

CVSS3.1

CVE-2024-56170

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays…

📅 Published: Dec. 18, 2024, midnight 🔄 Last Modified: April 22, 2025, 3:35 p.m.

6.5

CVSS3.1

CVE-2024-52792 - Arbitrary config values override in lam

LDAP Account Manager (LAM) is a PHP web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config …

📅 Published: Dec. 17, 2024, 9:46 p.m. 🔄 Last Modified: Dec. 18, 2024, 3:37 p.m.

4.8

CVSS4.0

CVE-2024-56142 - Path Traversal in pghoard

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the …

📅 Published: Dec. 17, 2024, 9:41 p.m. 🔄 Last Modified: Dec. 18, 2024, 4:15 p.m.

4.8

CVSS3.1

CVE-2023-37940

Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted p…

📅 Published: Dec. 17, 2024, 9:30 p.m. 🔄 Last Modified: Jan. 28, 2025, 9:18 p.m.

6

CVSS4.0

CVE-2024-12539 - Elasticsearch Incorrect Authorization

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

📅 Published: Dec. 17, 2024, 8:50 p.m. 🔄 Last Modified: Feb. 4, 2025, 3:16 p.m.

4.6

CVSS4.0

CVE-2024-11993

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.

📅 Published: Dec. 17, 2024, 8:24 p.m. 🔄 Last Modified: March 28, 2025, 8:15 p.m.