9.8

CVSS3.1

CVE-2024-11313 - TRCore DVC - Arbitrary File Upload through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

πŸ“… Published: Nov. 18, 2024, 6:39 a.m. πŸ”„ Last Modified: Nov. 20, 2024, 3:16 p.m.

9.8

CVSS3.1

CVE-2024-11312 - TRCore DVC - Arbitrary File Upload through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

πŸ“… Published: Nov. 18, 2024, 6:35 a.m. πŸ”„ Last Modified: Nov. 20, 2024, 3:16 p.m.

9.8

CVSS3.1

CVE-2024-11311 - TRCore DVC - Arbitrary File Upload through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

πŸ“… Published: Nov. 18, 2024, 6:24 a.m. πŸ”„ Last Modified: Nov. 20, 2024, 3:17 p.m.

7.5

CVSS3.1

CVE-2024-11310 - TRCore DVC - Arbitrary File Read through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

πŸ“… Published: Nov. 18, 2024, 6:07 a.m. πŸ”„ Last Modified: Nov. 20, 2024, 3:17 p.m.

7.5

CVSS3.1

CVE-2024-11309 - TRCore DVC - Arbitrary File Read through Path Traversal

The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

πŸ“… Published: Nov. 18, 2024, 6:02 a.m. πŸ”„ Last Modified: Nov. 20, 2024, 3:17 p.m.

3.8

CVSS3.1

CVE-2024-5030 - CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF

The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack

πŸ“… Published: Nov. 18, 2024, 6 a.m. πŸ”„ Last Modified: May 15, 2025, 6:02 p.m.

6.2

CVSS3.1

CVE-2024-11308 - TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

πŸ“… Published: Nov. 18, 2024, 5:59 a.m. πŸ”„ Last Modified: Nov. 20, 2024, 3:17 p.m.

8.4

CVSS3.1

CVE-2024-43704 - GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are…

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.

πŸ“… Published: Nov. 18, 2024, 4:54 a.m. πŸ”„ Last Modified: Nov. 18, 2024, 5:11 p.m.

5.3

CVSS3.1

CVE-2024-38828 - CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter

Spring MVC controller methods with an @RequestBody byte[]Β method parameter are vulnerable to a DoS attack.

πŸ“… Published: Nov. 18, 2024, 3:45 a.m. πŸ”„ Last Modified: May 9, 2025, 8:15 p.m.

6.9

CVSS4.0

CVE-2024-11306 - Altenergy Power Control Software database improper authorization

A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The expl…

πŸ“… Published: Nov. 18, 2024, 1:31 a.m. πŸ”„ Last Modified: Nov. 19, 2024, 4:28 p.m.
Total resulsts: 344154
Page 7336 of 34,416
Β« previous page Β» next page
Filters