4.2

CVSS3.1

CVE-2024-42383 - Use of Out-of-range Pointer Offset in Mongoose Web Server library

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows writing a NULL byte value beyond the memory space dedicated to the hostname field.

📅 Published: Nov. 18, 2024, 9:04 a.m. 🔄 Last Modified: Nov. 19, 2024, 5:55 p.m.

8.8

CVSS3.1

CVE-2024-41969 - WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.

📅 Published: Nov. 18, 2024, 9:04 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-41967 - WAGO: Boot Mode Manipulation in Multiple Devices

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.

📅 Published: Nov. 18, 2024, 9:03 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-41968 - WAGO: Docker Settings Manipulation in Multiple Devices

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.

📅 Published: Nov. 18, 2024, 9:03 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-41151 - Apache HertzBeat: RCE by notice template injection vulnerability

Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

📅 Published: Nov. 18, 2024, 8:45 a.m. 🔄 Last Modified: June 24, 2025, 4:29 p.m.

7.5

CVSS3.1

CVE-2024-45791 - Apache HertzBeat: Exposure sensitive token via http GET method with query string

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.

📅 Published: Nov. 18, 2024, 8:45 a.m. 🔄 Last Modified: June 24, 2025, 4:22 p.m.

8.8

CVSS3.1

CVE-2024-45505 - Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to…

📅 Published: Nov. 18, 2024, 8:44 a.m. 🔄 Last Modified: June 24, 2025, 4:23 p.m.

9.8

CVSS3.1

CVE-2024-47208 - Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

📅 Published: Nov. 18, 2024, 8:43 a.m. 🔄 Last Modified: June 24, 2025, 4:20 p.m.

8.9

CVSS4.0

CVE-2024-48962 - Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and C…

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.…

📅 Published: Nov. 18, 2024, 8:41 a.m. 🔄 Last Modified: Feb. 11, 2025, 4:16 p.m.

8.3

CVSS3.1

CVE-2024-49574 - SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

📅 Published: Nov. 18, 2024, 7:55 a.m. 🔄 Last Modified: Nov. 26, 2024, 2:45 p.m.