8

CVSS3.1

CVE-2024-37774 -

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: June 20, 2025, 6:15 p.m.

6.1

CVSS3.1

CVE-2024-56112 -

CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: Sept. 5, 2025, 12:30 a.m.

8.1

CVSS3.1

CVE-2024-56083 -

Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a scr…

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: Dec. 16, 2024, 5:15 p.m.

4.8

CVSS3.1

CVE-2024-55451 -

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend us…

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: April 24, 2025, 3:26 p.m.

5.4

CVSS3.1

CVE-2024-55452 -

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated us…

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: April 24, 2025, 3:20 p.m.

4.8

CVSS3.1

CVE-2024-37773 -

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: June 20, 2025, 6:14 p.m.

7.5

CVSS3.1

CVE-2024-37775 -

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: June 20, 2025, 6:16 p.m.

5.4

CVSS3.1

CVE-2024-55554 -

Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: Dec. 17, 2024, 5:15 p.m.

9.8

CVSS3.1

CVE-2024-55085 -

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: April 17, 2025, 1:57 a.m.

4.8

CVSS3.1

CVE-2024-37776 -

A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.

📅 Published: Dec. 16, 2024, midnight 🔄 Last Modified: June 20, 2025, 6:16 p.m.
Total results: 344670