4.8

CVSS3.1

CVE-2024-41453 -

A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-57021 -

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: March 20, 2025, 3:15 p.m.

7.8

CVSS3.1

CVE-2024-57887 - drm: adv7511: Fix use-after-free in adv7533_attach_dsi()

In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue byΒ dropping of_node_put() i…

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: Nov. 3, 2025, 9:18 p.m.

8.8

CVSS3.1

CVE-2024-57012 -

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg.

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: March 14, 2025, 4:15 p.m.

6.8

CVSS3.1

CVE-2024-57024 -

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg.

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: April 7, 2025, 6:10 p.m.

8.8

CVSS3.1

CVE-2024-57011 -

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg.

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: March 17, 2025, 5:15 p.m.

6.5

CVSS3.1

CVE-2024-39967 -

Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command.

πŸ“… Published: Jan. 15, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-53277 - Cross-site Scripting in form messages in silverstripe framework

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There…

πŸ“… Published: Jan. 14, 2025, 10:45 p.m. πŸ”„ Last Modified: Sept. 4, 2025, 5:13 p.m.

5.4

CVSS3.1

CVE-2024-47605 - Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload …

πŸ“… Published: Jan. 14, 2025, 10:42 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.1

CVSS3.1

CVE-2024-54142 - Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse

Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been…

πŸ“… Published: Jan. 14, 2025, 10:39 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 7115 of 34,919
Β« previous page Β» next page
Filters