5.2

CVSS3.1

CVE-2024-56199 - phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user i…

πŸ“… Published: Jan. 2, 2025, 5:27 p.m. πŸ”„ Last Modified: Aug. 14, 2025, 5:54 p.m.

6.3

CVSS4.0

CVE-2024-11717 -

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to c…

πŸ“… Published: Jan. 2, 2025, 4:08 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-11716 -

While assignment of a user to a team (bracket) inΒ CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts relea…

πŸ“… Published: Jan. 2, 2025, 4:07 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-12907 - XSS in Kentico 7

Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent toΒ /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerabili…

πŸ“… Published: Jan. 2, 2025, 3:59 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2024-9950 - Abuse of Unauthenticated Compliance Recheck in SecureConnector

A vulnerability in Forescout SecureConnector v11.3.07.0109Β on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory.

πŸ“… Published: Jan. 2, 2025, 3:40 p.m. πŸ”„ Last Modified: Oct. 17, 2025, 6:13 p.m.

5.3

CVSS4.0

CVE-2025-0172 - code-projects Chat System deleteroom.php sql injection

A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has …

πŸ“… Published: Jan. 2, 2025, 3:31 p.m. πŸ”„ Last Modified: April 3, 2025, 2:16 p.m.

3.1

CVSS3.0

CVE-2024-55541 -

Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.

πŸ“… Published: Jan. 2, 2025, 3:26 p.m. πŸ”„ Last Modified: Jan. 2, 2025, 4:52 p.m.

4.4

CVSS3.0

CVE-2024-55542 -

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.

πŸ“… Published: Jan. 2, 2025, 3:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.0

CVE-2024-56414 -

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

πŸ“… Published: Jan. 2, 2025, 3:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.0

CVE-2024-56413 -

Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

πŸ“… Published: Jan. 2, 2025, 3:26 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 7294 of 34,919
Β« previous page Β» next page
Filters