5.4

CVSS3.1

CVE-2024-40745 - Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for…

Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.

📅 Published: Dec. 4, 2024, 3:02 p.m. 🔄 Last Modified: June 4, 2025, 8:57 p.m.

9.8

CVSS3.1

CVE-2024-40744 - Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.

📅 Published: Dec. 4, 2024, 3:01 p.m. 🔄 Last Modified: June 4, 2025, 8:57 p.m.

0.0

CVE-2024-12161 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Dec. 4, 2024, 2:30 p.m. 🔄 Last Modified: Feb. 11, 2025, 2:15 a.m.

2.3

CVSS4.0

CVE-2024-12056 - Client Secret not checked with OAuth Password grant type

The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit t…

📅 Published: Dec. 4, 2024, 2:30 p.m. 🔄 Last Modified: July 12, 2025, 4:01 p.m.

8.8

CVSS3.1

CVE-2024-51465 - IBM App Connect Enterprise Certified Container command execution

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

📅 Published: Dec. 4, 2024, 2:08 p.m. 🔄 Last Modified: Aug. 14, 2025, 1:17 a.m.

5.3

CVSS3.1

CVE-2024-7488 - Business Logic Error in RestApp Inc.'s Online Ordering System

Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.

📅 Published: Dec. 4, 2024, 2:03 p.m. 🔄 Last Modified: Oct. 21, 2025, 2:09 p.m.

0.0

CVE-2024-12154 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Dec. 4, 2024, 2:01 p.m. 🔄 Last Modified: July 5, 2025, 11:15 p.m.

5.3

CVSS4.0

CVE-2024-12138 - horilla create_skills deserialization

A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated …

📅 Published: Dec. 4, 2024, 2 p.m. 🔄 Last Modified: Sept. 19, 2025, 3:32 p.m.

6.4

CVSS3.1

CVE-2024-11935 - Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via c…

The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve…

📅 Published: Dec. 4, 2024, 12:37 p.m. 🔄 Last Modified: Dec. 4, 2024, 2:09 p.m.

9.4

CVSS4.0

CVE-2024-10576 - Unauthorized factory reset of Infinix devices

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th…

📅 Published: Dec. 4, 2024, 12:02 p.m. 🔄 Last Modified: Dec. 4, 2024, 9:01 p.m.